Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Black screen after the "Windows logo" (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
Black screen after the "Windows logo"

Hello dear trojaner-boarders,

I have had a problem for about 4 hours: I can only use my computer in safe mode. I use Windows 7 (32-bit). Everything went normally after I started it; I was away for about 20 minutes, and when I came back my monitor was black. I thought it had "gone to sleep" and moved the mouse or pressed keys on the keyboard; when none of that worked, I restarted it with the reset button. It booted completely normally and at normal speed up to the "Windows logo", but from there the monitor switches off, or rather the computer stops sending it a signal. Resetting didn't help either, and virus scanners don't tell me anything. I have already run the 3 programs "Defogger", "OTL" and "Gmer" and am posting the .txt files here:

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:28 on 01/02/2013 (Robin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL:
Code:
OTL logfile created on: 01.02.2013 15:36:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Robin\Desktop
Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 7,38 Gb Available Physical Memory | 92,24% Memory free
16,00 Gb Paging File | 15,48 Gb Available in Paging File | 96,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 325,06 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 364,98 Gb Free Space | 78,36% Space Free | Partition Type: NTFS
Drive E: | 1,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ROBIN-PC | User Name: Robin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.01 15:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2012.11.13 21:53:04 | 000,121,472 | ---- | M] () -- C:\Programme\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2012.06.18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Programme\Notepad++\NppShell_05.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2013.01.19 19:49:50 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 09:16:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.05 16:08:42 | 000,109,064 | ---- | M] (Wajam) [On_Demand | Stopped] -- C:\Programme\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.10.02 16:20:26 | 001,008,496 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2012.09.28 15:42:26 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2004.02.26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2012.11.13 21:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012.10.23 12:18:34 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.23 12:18:34 | 000,360,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.23 12:18:34 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.23 12:18:33 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.23 12:18:32 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.09.26 19:11:42 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2012.09.19 09:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.09.19 09:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.08.02 14:57:34 | 000,047,432 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Programme\FreeRide Games\X6XSEx_Pr148.sys -- (X6XSEx_Pr148)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.04.09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.11.05 21:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2007.01.12 19:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.07.05 13:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb201?a=6R8N7ThepV&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D1 FF 2D 63 BF BD CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649}: "URL" = hxxp://www.basicscan.com/?prt=BscscnPB&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6R8N7ThepV&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1473
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7B6AA54174-C9E8-4B07-95A0-0FBC19CBE64C%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.10.29 20:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.03 16:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.19 20:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 09:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 09:16:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.09.26 19:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\Extensions
[2013.01.26 18:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\qqe3u6l8.default\extensions
[2012.12.03 16:12:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\qqe3u6l8.default\extensions\ffxtlbr@incredibar.com
[2012.12.22 14:07:09 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\qqe3u6l8.default\extensions\plugin@yontoo.com
[2012.12.11 16:43:43 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\qqe3u6l8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.31 21:25:05 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\qqe3u6l8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.26 18:24:07 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Robin\AppData\Roaming\mozilla\firefox\profiles\qqe3u6l8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.19 09:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 09:16:06 | 000,000,000 | ---D | M] (BasicScan) -- C:\Programme\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
[2012.10.29 20:20:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.01.19 09:16:06 | 000,000,000 | ---D | M] (BasicScan) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
[2013.01.19 09:16:10 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Plus_Download-Version\Trayserver_DE.exe (MAGIX AG)
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKCU..\Run: [Exetender_148] C:\Program Files\FreeRide Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\1\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Robin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EFCBD6C-8990-4608-83E8-EF316B74AF36}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4edb9710-07ff-11e2-abd3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4edb9710-07ff-11e2-abd3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.01 15:29:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2013.02.01 10:42:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2013.01.30 21:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Purplehills
[2013.01.30 19:12:21 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\LogMeIn Hamachi
[2013.01.30 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\ICQ
[2013.01.30 18:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2013.01.26 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Monte Cristo
[2013.01.26 22:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Monte Cristo
[2013.01.21 19:30:12 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.01.21 19:28:31 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Atari
[2013.01.21 19:28:19 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.21 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\RCT3
[2013.01.21 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\My Pictures
[2013.01.21 19:26:53 | 000,000,000 | ---D | C] -- C:\Users\Robin\Documents\My Music
[2013.01.21 19:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2013.01.21 19:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013.01.21 19:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[2013.01.20 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2013.01.20 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Quadriga Games
[2013.01.20 18:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\ProtectDisc Driver Installer
[2013.01.20 18:16:36 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\ProtectDISC
[2013.01.20 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.20 17:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.20 17:00:39 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emergency 2012
[2013.01.20 16:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\Quadriga Games
[2013.01.20 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeRide Games
[2013.01.20 10:55:21 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013.01.20 10:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRide Games
[2013.01.20 10:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Exent Technologies
[2013.01.19 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.14 15:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobra 11 - Highway Nights
[2013.01.14 15:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Cobra 11 - Highway Nights
[2013.01.04 15:30:38 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Local\Razer
[2013.01.04 15:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.01.04 15:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.01.04 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2013.01.03 20:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.01.03 11:04:24 | 000,000,000 | ---D | C] -- C:\Users\Robin\AppData\Roaming\WorldPainter
[2013.01.03 11:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter
[2013.01.03 11:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\WorldPainter
[2013.01.02 22:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2012.09.30 20:06:29 | 000,948,544 | ---- | C] (Boonty ) -- C:\Program Files\alarmfuercobra11burningwheels{389357}.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.01 15:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robin\Desktop\OTL.exe
[2013.02.01 15:28:30 | 000,000,000 | ---- | M] () -- C:\Users\Robin\defogger_reenable
[2013.02.01 15:27:54 | 000,050,477 | ---- | M] () -- C:\Users\Robin\Desktop\Defogger.exe
[2013.02.01 15:04:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.01 15:04:17 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 18:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.30 10:36:25 | 000,010,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 10:36:25 | 000,010,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.30 10:29:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.27 21:58:15 | 000,020,710 | ---- | M] () -- C:\Users\Robin\Desktop\Vorsicht.jpg
[2013.01.26 22:50:02 | 000,000,598 | ---- | M] () -- C:\Users\Robin\Desktop\Cities XL.lnk
[2013.01.24 13:45:53 | 000,443,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.21 19:51:43 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.01.21 19:30:12 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2013.01.20 19:40:28 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001811.LCS
[2013.01.20 18:16:34 | 000,001,394 | ---- | M] () -- C:\Users\Robin\Desktop\Emergency 2012.lnk
[2013.01.19 20:06:27 | 000,697,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.19 20:06:27 | 000,652,426 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.19 20:06:27 | 000,148,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.19 20:06:27 | 000,121,358 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.19 09:22:11 | 007,918,371 | ---- | M] () -- C:\Users\Robin\Desktop\Blockupy[BETA].zip
[2013.01.19 09:21:22 | 000,004,548 | ---- | M] () -- C:\Users\Robin\AppData\Local\recently-used.xbel
[2013.01.16 20:11:26 | 040,166,823 | ---- | M] () -- C:\Users\Robin\Desktop\64px 4.6.1 [mc1.4.4] HD MK WORKING.zip
[2013.01.14 15:57:58 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Cobra 11 Highway-Nights.lnk
[2013.01.04 15:30:24 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.01.03 20:05:29 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.03 11:04:08 | 000,001,917 | ---- | M] () -- C:\Users\Robin\Desktop\WorldPainter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.01 15:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Robin\defogger_reenable
[2013.02.01 15:27:53 | 000,050,477 | ---- | C] () -- C:\Users\Robin\Desktop\Defogger.exe
[2013.01.27 21:58:15 | 000,020,710 | ---- | C] () -- C:\Users\Robin\Desktop\Vorsicht.jpg
[2013.01.26 22:50:02 | 000,000,598 | ---- | C] () -- C:\Users\Robin\Desktop\Cities XL.lnk
[2013.01.23 21:23:17 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.01.21 19:27:51 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.01.21 19:26:50 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2013.01.20 18:16:38 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001811.LCS
[2013.01.20 18:16:34 | 000,001,394 | ---- | C] () -- C:\Users\Robin\Desktop\Emergency 2012.lnk
[2013.01.20 10:55:23 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRide Games.lnk
[2013.01.19 09:21:22 | 000,004,548 | ---- | C] () -- C:\Users\Robin\AppData\Local\recently-used.xbel
[2013.01.18 16:16:24 | 007,918,371 | ---- | C] () -- C:\Users\Robin\Desktop\Blockupy[BETA].zip
[2013.01.16 20:11:31 | 000,656,872 | ---- | C] () -- C:\Users\Robin\Desktop\items2.png
[2013.01.14 21:25:58 | 001,911,221 | ---- | C] () -- C:\Users\Robin\Desktop\terrain (2).png
[2013.01.14 21:24:32 | 040,166,823 | ---- | C] () -- C:\Users\Robin\Desktop\64px 4.6.1 [mc1.4.4] HD MK WORKING.zip
[2013.01.14 15:57:58 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Cobra 11 Highway-Nights.lnk
[2013.01.04 15:30:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.01.03 20:05:29 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.01.03 20:03:05 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 20:03:03 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 11:04:08 | 000,001,917 | ---- | C] () -- C:\Users\Robin\Desktop\WorldPainter.lnk
[2012.12.19 19:58:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.12.19 13:41:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.03 16:12:01 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.12.03 16:12:01 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.10.31 22:36:30 | 000,000,017 | ---- | C] () -- C:\Users\Robin\AppData\Local\resmon.resmoncfg
[2012.10.31 13:23:45 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012.10.31 12:51:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.10.31 12:50:24 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.10.14 11:58:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\04b15e15c8be4713e96cbd3f7ef182ab_c
[2012.09.30 20:06:32 | 000,000,260 | ---- | C] () -- C:\Program Files\389357.ini
[2012.09.30 20:05:00 | 436,484,218 | ---- | C] () -- C:\Program Files\alarmfuercobra11burningwheels{389357}-3.bin
[2012.09.30 20:02:55 | 650,457,664 | ---- | C] () -- C:\Program Files\alarmfuercobra11burningwheels{389357}-2.bin
[2012.09.30 19:59:52 | 649,514,560 | ---- | C] () -- C:\Program Files\alarmfuercobra11burningwheels{389357}-1.bin
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.27 14:34:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.08.28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.08.28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.08.28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.07.28 02:30:54 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.07.28 02:30:54 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.01 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\.minecraft
[2013.01.01 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\.Nitrous
[2013.01.13 14:03:39 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\.techniclauncher
[2013.01.21 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Atari
[2012.11.24 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.12.19 20:00:25 | 000,000,000 | ---D | M] --
C:\Users\Robin\AppData\Roaming\DVDVideoSoft [2012.10.07 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\DVDVideoSoftIEHelpers [2013.01.16 21:54:50 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\FileZilla [2012.10.19 12:46:43 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Foxit Software [2012.12.23 11:59:35 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ftblauncher [2013.02.01 14:20:15 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ICQ [2012.11.02 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\MAGIX [2012.10.17 16:28:48 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\MTE [2012.10.19 14:47:21 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\MudTV [2013.01.09 14:20:38 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Notepad++ [2012.12.01 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\OpenOffice.org [2013.01.20 18:16:36 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\ProtectDISC [2012.11.02 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Publish Providers [2012.11.23 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\pymclevel [2012.11.13 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Samsung [2012.11.02 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Sony [2012.10.25 21:30:41 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\TeamViewer [2013.01.23 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\TS3Client [2012.10.31 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Ulead Systems [2013.01.07 18:55:36 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Vocup [2012.10.09 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\wargaming.net [2013.01.04 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\WorldPainter [2012.10.07 13:48:45 | 
000,000,000 | ---D | M] -- C:\Users\Robin\AppData\Roaming\Youtube Downloader HD ========== Purity Check ========== < End of report > Extras: Code:
ATTFilter OTL Extras logfile created on: 01.02.2013 15:29:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robin\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 7,17 Gb Available Physical Memory | 89,68% Memory free 16,00 Gb Paging File | 15,22 Gb Available in Paging File | 95,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 325,07 Gb Free Space | 69,79% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 364,98 Gb Free Space | 78,36% Space Free | Partition Type: NTFS Drive E: | 1,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ROBIN-PC | User Name: Robin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .reg [@ = regfile] -- regedit.exe "%1" [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft 
Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015FCB1D-977A-4B1E-B452-00A7650D28A1}" = lport=2869 | protocol=6 | dir=in | app=system | "{0AC2576E-339C-41FD-B462-8E9F93B1A8FF}" = lport=138 | protocol=17 | dir=in | app=system | "{15C1E13C-ECFF-452D-9FF8-A4A6706E56CD}" = lport=137 | protocol=17 | dir=in | app=system | "{17730D29-DFDF-4968-91B3-D3E2AFEFDF12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1DA15E28-99CA-4EEA-9936-B6C2B682FA81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E2BC8BE-BE5E-4E6C-A1C5-D708E7C14C5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2F080493-6FD1-4D84-8FA4-BA355F311777}" = rport=138 | protocol=17 | dir=out | app=system | "{2FB07E99-10FC-4F49-A2A3-8CE6D4E16D0A}" = rport=10243 | 
protocol=6 | dir=out | app=system | "{32EB8132-60CA-444D-8054-067622358C34}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{432B5E72-6F41-4252-8BCC-9770BAC3A960}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{44618149-9E99-4EC5-BBDE-7685A7B08327}" = rport=139 | protocol=6 | dir=out | app=system | "{514A8644-9E38-41ED-95ED-619F554CCA96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5BF434E8-7DFC-41F8-9BAA-F1BD38BF6241}" = rport=137 | protocol=17 | dir=out | app=system | "{9430389A-7D48-44B3-9760-37959A73FD91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A2214141-F080-41AA-BDAB-FC890FEC4A6E}" = lport=139 | protocol=6 | dir=in | app=system | "{C2F35784-B401-4C39-B93E-01EE984C2A6D}" = lport=445 | protocol=6 | dir=in | app=system | "{CC24066C-5010-4A1F-A972-CDF07D20F08A}" = lport=10243 | protocol=6 | dir=in | app=system | "{D3844204-4E48-49CE-9308-095BDDE37F16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E77710E5-DA57-4438-8B6C-9B6081A47E9D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F2A70ADB-C123-49DF-AD7D-54908FA6B018}" = rport=445 | protocol=6 | dir=out | app=system | "{FA416D63-D9D0-4FF5-8B45-F7E9A414AB9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01378EB2-98F8-4EA4-AA1F-9CCFFFA84753}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{08E84F42-4E53-4179-B0D7-1BB89CC1518B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{09FC7561-146F-4430-AF6A-0C1B380BA0D1}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe 
| "{1B206BA4-B57F-4535-8ACA-75792D573317}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1D9D5A74-FA47-4A5A-9B6B-D3F700248A1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2062F9D1-9E32-42FF-BA7C-ABE46E8F5097}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2154EA5B-D1C9-4D6E-B909-628FB6E17D17}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{25E3E5EC-ADBC-47C8-BF99-89D59329A4A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E9726C1-A7DB-453E-9F09-7DD4769E8678}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{2F539FB4-ECCA-492A-8454-2E29A5A53F2F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{39AA19E8-DC18-49C1-9654-BC7F915A13F2}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{3CAC2C6F-F571-4AD6-8051-4E2AB9DBD355}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{4578E3C4-FC6F-41E9-9FA0-1ADB204802D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4DE5AA92-B9AA-45DD-9C39-F6D05EA6AE44}" = protocol=17 | dir=in | app=c:\program files\steam\1\steam.exe | "{56FF505F-6F15-4799-8DA0-79EBF2700338}" = protocol=6 | dir=out | app=system | "{5A256C83-92E4-4EEB-8A6A-15935DB0D5B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5C9DC746-17D3-46DD-9F88-A56F5B84863D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{62F35A2C-51F6-4487-903F-B991DA4E43BE}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{69023A57-C826-4023-BEAF-3500EAD15847}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{6968FCED-B9AE-412F-A78B-F6C91530C8FF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{6C4DC176-769E-4CDD-B7A2-15BA63202293}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{70F665A0-9520-486C-BEB6-B914F7879D64}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B7D80BA-A739-4A46-93D6-347AA029E245}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A396479-97FD-4AF1-AC9D-00639A42EE16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9163CC3D-165A-4CA3-91C3-9BC95A97E544}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{929DF858-FB95-439E-B6D4-07574FA365A8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{9922E8A0-A909-4A46-A2FD-C26980876422}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{A29CEE43-F200-4E84-9742-A0AA6C396246}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B048EC2D-DE7B-4A0E-AA1F-E2FB8B6FCC07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B45814D3-5DF5-48CF-A9AE-E30B21186EA3}" = protocol=6 | dir=in | app=c:\program files\steam\1\steam.exe | "{BB43A270-4F8B-437A-B0B7-98AA3333AAEA}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{BDA34DD0-0D4A-4DAD-A2F1-4BAEA3BDEEC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C46EE53F-1901-4625-99D1-6E74DA4448EC}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{C66F880E-A8C4-445B-803E-E593F7C19C4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{CB67BB82-B95E-4733-A877-794F74114FCB}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{D5E653FD-DC82-4865-9058-26D48F733A28}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{E042E499-12D0-4F46-8B97-F25D1E5814F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E2EE389A-648B-470E-8D40-BF87D0483F4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E3BE9A4B-2B6F-40AD-A387-848819A08B5C}" = protocol=17 | dir=in | 
app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{EB930E15-1CFC-4627-A0F4-B5CB7B1EF69C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{ECD21368-0464-4DBA-B290-9CEFD70ED0D1}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F289419C-ED85-4675-AA2A-F152925805F9}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{F3460CD7-2952-44EB-8CF0-F4A9B8CE32B8}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{F5E52990-E364-44ED-A008-263CFD159DCC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{FD588DFB-F1B2-455B-81B5-1B57E0F51036}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{09CE3771-B419-4706-8E1C-324FF1717A84}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{39F14051-6C2D-45A5-88BD-3A95D52FD89D}C:\program files\trackmania sunrise\tmsunrise.exe" = protocol=6 | dir=in | app=c:\program files\trackmania sunrise\tmsunrise.exe | "TCP Query User{3B657AAD-C487-4B8D-A8FB-A74C3910E096}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{4EDF62F4-6321-4A7E-8B53-D825B93CE2DC}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{8469F59D-5B6B-4C9F-BC88-AF07630FB8C4}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{9A0743A1-EC7C-4960-AA96-9E63D6510F61}C:\program files\quadriga games\emergency 2012\bin.x86\em2012.exe" = protocol=6 | dir=in | app=c:\program files\quadriga games\emergency 2012\bin.x86\em2012.exe | "TCP Query User{BBAA4913-1FE2-4ECB-A1F5-E2608360EE3C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{CE64C36C-B5FF-43D9-A845-06A2AEB56D51}C:\windows\system32\javaw.exe" = 
protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{F5FC0A6A-FE61-4921-B697-D68474417B6C}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{202EAD6A-6A7A-44A6-928C-0786DBBF8827}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{265C5857-D844-4771-8BA2-4C4CB287025E}C:\program files\quadriga games\emergency 2012\bin.x86\em2012.exe" = protocol=17 | dir=in | app=c:\program files\quadriga games\emergency 2012\bin.x86\em2012.exe | "UDP Query User{424023C2-0462-4E3A-9982-4492D9DC39CB}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{8721959C-E75B-4583-8BE6-2DC04FE43CA5}C:\program files\trackmania sunrise\tmsunrise.exe" = protocol=17 | dir=in | app=c:\program files\trackmania sunrise\tmsunrise.exe | "UDP Query User{9A2F8A65-B70D-44BE-8606-CEB2CFBDAE72}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{A9FFC008-11FF-4360-B398-0FF26BFBD9DD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{ADC55C8B-A739-40DD-903B-23AC89B000A9}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{C7574A70-DCE1-40B6-B426-925001152E95}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{F27F7357-C34C-4AAA-85F5-A4637F22A8C2}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET 
Framework 4 Extended "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{235493EC-B417-48E1-8445-49060A654EAE}" = TG-MOD "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{2DAF4D9B-1DCB-4160-845B-B78721C3BEC6}" = TransportGigant: Down Under "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.110 "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE VCD "{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders "{5B9C7C4F-A1CB-11E0-9E40-0013D3D69929}" = Vegas Pro 10.0 "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists "{61B65BA2-ACB0-4109-B6AC-C73A93106FA6}" = MAGIX Screenshare "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English 
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{68D73A1E-9B15-4519-8B62-67606DA80082}" = MAGIX Speed burnR (MSI) "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03 "{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91D18A92-69C2-9A7B-6662-159D8E6CBEF1}" = Project ROME "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9AD6518A-539D-8E0D-2C72-E51A62978096}" = AMD Drag and Drop Transcoding "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian "{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = TransportGigant "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C35BBC64-E7B7-B699-E5D8-CE5989061F93}" = HydraVision "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C960FB07-BBAA-4D26-BE81-D119A15A6E84}" = MAGIX Video deluxe MX Plus Download-Version "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D186EE99-F905-4F87-B188-01D60D8FF1B3}" = Just Flight - Traffic X "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. 
TV "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA042EF2-5103-2F7E-C313-976C6F761EBE}" = AMD Fuel "{FC529949-EECA-2BF6-02AC-8041AD76B4B5}" = Application Profiles "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "4144-4862-0472-7103" = WorldPainter 1.0.3 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AudioCutter" = AudioCutter Cinema "avast" = avast! Free Antivirus "Cities XL" = Cities XL "com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Project ROME "Emergency 2012" = Emergency 2012 "FileZilla Client" = FileZilla Client 3.6.0.2 "Foxit Reader_is1" = Foxit Reader "Fraps" = Fraps (remove only) "Free Audio Converter_is1" = Free Audio Converter version 5.0.19.1015 "Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "GIMP-2_is1" = GIMP 2.8.2 "HighwayNights" = Cobra 11 - Highway Nights (remove only) "incredibar" = Incredibar Toolbar on IE "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.0 (Basic) "MAGIX Filme auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.0.12 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX PC Visit D" = MAGIX PC Visit "MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus Download-Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET 
Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Minecraft Texturepack Editor" = Minecraft Texturepack Editor
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Steam App 218" = Source SDK Base 2007
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"TrackMania_is1" = TrackMania
"Vocup_is1" = Vocup 1.4.3
"Wajam" = Wajam
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WNLT" = IB Updater Service
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"gamesleapSA" = GamesLeap

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.01.2013 11:42:00 | Computer Name = Robin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HighwayNightsHi.exe, Version: 3.1.1.0, Zeitstempel: 0x4ae74024 Name des fehlerhaften Moduls: HighwayNightsHi.exe, Version: 3.1.1.0, Zeitstempel: 0x4ae74024 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00198d48 ID des fehlerhaften Prozesses: 0x1acc Startzeit der fehlerhaften Anwendung: 0x01cdf71e3f20d652 Pfad der fehlerhaften Anwendung: C:\Program Files\Cobra 11 - Highway Nights\HighwayNightsHi.exe Pfad des fehlerhaften Moduls: C:\Program Files\Cobra 11 - Highway Nights\HighwayNightsHi.exe Berichtskennung: ed4b1560-6317-11e2-8499-0025224b513c

Error - 20.01.2013 15:40:19 | Computer Name = Robin-PC | Source = Application Hang | ID = 1002
Description = Programm em2012.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 163c Startzeit: 01cdf743d4f39005 Endzeit: 42 Anwendungspfad: C:\Program Files\Quadriga Games\Emergency 2012\bin.x86\em2012.exe Berichts-ID:

Error - 21.01.2013 14:23:11 | Computer Name = Robin-PC | Source = VSS | ID = 8194
Description =

Error - 23.01.2013 16:23:25 | Computer Name = Robin-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Robin\Downloads\worldpainter_64_1.0.3.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 26.01.2013 17:13:13 | Computer Name = Robin-PC | Source = VSS | ID = 8194
Description =

Error - 27.01.2013 09:12:09 | Computer Name = Robin-PC | Source = Application Hang | ID = 1002
Description = Programm em2012.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 804 Startzeit: 01cdfc856c5e8329 Endzeit: 5678 Anwendungspfad: C:\Program Files\Quadriga Games\Emergency 2012\bin.x86\em2012.exe Berichts-ID:

Error - 31.01.2013 09:27:46 | Computer Name = Robin-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1178 Startzeit: 01cdffb6c0415bb1 Endzeit: 10 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:

Error - 01.02.2013 08:42:57 | Computer Name = Robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01.02.2013 08:42:57 | Computer Name = Robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2016

Error - 01.02.2013 08:42:57 | Computer Name = Robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2016

[ System Events ]
Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:33:02 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:33:02 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:33:02 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:35:08 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 01.02.2013 10:35:08 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >
GMER:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-01 16:24:42
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\0000005d WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Robin\AppData\Local\Temp\awtorpod.sys

---- Kernel code sections - GMER 2.0 ----

.text  ntkrlICE.exe!ZwSaveKeyEx + 13AD          82054599 1 Byte  [06]
.text  ntkrlICE.exe!KiDispatchInterrupt + 5A2   82078F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- EOF - GMER 2.0 ----

I hope I have included everything important. Thanks in advance for your help.

Regards
Robin
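Two parts of the OTL log above are worth pulling out mechanically rather than by eye: the uninstall lists, which contain entries such as "Wajam" and "WNLT" = IB Updater Service (names the tag line at the bottom of this thread also associates with adware/PUP detections), and the "Last 20 Event Log Errors" block, where the same Service Control Manager 7001 error repeats ten times on the day of the post. The Python script below is an added example for this page; it is not part of Robin's post and not a tool shipped with OTL. It parses a reduced copy of the log text above, counts errors by (Source, ID) and flags uninstall entries against a small hand-picked list of PUP name fragments. The indicator list and the assumption that OTL keeps its "Error - ... | Computer Name = ... | Source = ... | ID = ..." layout are this example's own. The regexes tolerate the log having been run together onto one line, as it was in the forum rendering.

```python
"""Triage helper for OTL log text: count 'Last 20 Event Log Errors' by
(Source, ID) and flag uninstall-list entries matching known PUP names.
Added example; not part of the original post and not part of OTL itself."""
import re
from collections import Counter

# Excerpt taken from the OTL log in the post above, reduced to a few entries
# and kept in OTL's own layout so the parser can be exercised offline.
SAMPLE_LOG = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"Wajam" = Wajam
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WNLT" = IB Updater Service
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5
========== HKEY_CURRENT_USER Uninstall List ==========
"gamesleapSA" = GamesLeap
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.01.2013 11:42:00 | Computer Name = Robin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HighwayNightsHi.exe, Version: 3.1.1.0
Error - 01.02.2013 08:42:57 | Computer Name = Robin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ System Events ]
Error - 01.02.2013 10:28:00 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.02.2013 10:33:02 | Computer Name = Robin-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
"""

# Hand-picked display-name fragments that AV vendors commonly classify as
# adware/PUP. This is an assumption for the example, not an authoritative feed.
PUP_INDICATORS = ("wajam", "ib updater", "installbrain", "sweetpacks", "hotbar")

# One OTL error header. The "Description = ..." text is matched lazily up to
# the next header, section marker or end of text, so the parser also copes
# with a log that a forum or extractor has run together onto a single line.
ERROR_RE = re.compile(
    r"Error - (?P<time>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<computer>.+?) \| Source = (?P<source>.+?) \| "
    r"ID = (?P<id>\d+)\s*(?:Description = (?P<desc>.*?))?"
    r"(?=\s*Error - \d{2}\.|\s*\[ \w+ Events \]|\s*< End of report >|\s*$)",
    re.S,
)
# One uninstall entry: "RegistryKey" = Display Name
UNINSTALL_RE = re.compile(
    r'"(?P<key>[^"\n]+)"\s*=\s*(?P<name>.*?)(?=\s+"[^"\n]+"\s*=|\s*=====|\s*$)',
    re.S,
)


def parse_event_errors(text):
    """Return each event log error as a dict with time, computer, source, id, desc."""
    out = []
    for m in ERROR_RE.finditer(text):
        d = m.groupdict()
        d["id"] = int(d["id"])
        d["desc"] = (d["desc"] or "").strip()
        out.append(d)
    return out


def summarize_errors(text):
    """Count errors by (source, event id); a repeated 7001 stands out at once."""
    return Counter((e["source"], e["id"]) for e in parse_event_errors(text))


def uninstall_entries(text):
    """Return (key, display name) pairs from both HKLM and HKCU uninstall lists."""
    start = text.find("Uninstall List ==========")
    if start == -1:
        return []
    end = text.find("========== Last 20 Event Log Errors", start)
    section = text[start:] if end == -1 else text[start:end]
    return [(m["key"], m["name"].strip()) for m in UNINSTALL_RE.finditer(section)]


def flag_pups(text, indicators=PUP_INDICATORS):
    """Return uninstall entries whose display name contains a known PUP fragment."""
    return [(k, n) for k, n in uninstall_entries(text)
            if any(i in n.lower() for i in indicators)]


if __name__ == "__main__":
    for (source, eid), n in summarize_errors(SAMPLE_LOG).most_common():
        print(f"{n:3d} x {source} / {eid}")
    for key, name in flag_pups(SAMPLE_LOG):
        print(f"PUP candidate: {key!r} -> {name}")
```

Run it as-is to see the summary for the embedded excerpt, or pass the full text of an OTL log to the functions. A flagged name does not prove that program caused the black screen; it only tells the helper where to look first, and the event-log counts show which errors cluster around the time the problem started.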
Topics related to: Blackscreen nach "Windowszeichen"
adware.basicscan, adware.hotbar, adware.hotbar.gl, adware.zwangi, antivirus, autorun, blackscreen, downloader, firefox, iexplore.exe, install.exe, installation, mouse, mozilla, msiexec.exe, msvcrt, object, plug-in, problem, pup.bundleinstaller.ib, pup.installbrain, pup.offerware, registry, rundll, svchost.exe, sweetpacks, keyboard, teamspeak, texturepack, vdeck.exe, wajam, windows, youtube downloader