![]() |
|
Log-Analyse und Auswertung: Ständiger Firefox Absturz und Bluescreen - Mögliche Malware?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Ständiger Firefox Absturz und Bluescreen - Mögliche Malware? Hallo, seit kurzem stürzt mein Firefox andauernd ab, nach einer Weile. Habe schon alles probiert, abgesicherter Modus des FF und abgesicherter Modus von Windows. Neue Profil, FF Mobile probiert, etc. Kein Erfolg. Gestern hatte ich nun einen Bluescreen. Nun möchte ich wissen, ob hier Malware drauf ist? Code:
ATTFilter Der Computer wurde nach einem schwerwiegenden Fehler neu gestartet. Der Fehlercode war: 0x0000000a (0xfffffa8019c52010, 0x0000000000000002, 0x0000000000000001, 0xfffff80003135e96). Ein volles Abbild wurde gespeichert in: C:\Windows\MEMORY.DMP. Berichts-ID: 030813-16473-01. Code:
ATTFilter [Microsoft (R) Windows Debugger Version 6.10.0003.233 X86 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\MEMORY.DMP] Kernel Summary Dump File: Only kernel address space is available Symbol search path is: srv*c:\websymbols*hxxp://msdl.microsoft.com/download/symbols Executable search path is: Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Personal Built by: 7601.18044.amd64fre.win7sp1_gdr.130104-1431 Machine Name: Kernel base = 0xfffff800`03003000 PsLoadedModuleList = 0xfffff800`03247670 Debug session time: Fri Mar 8 22:48:16.507 2013 (GMT+1) System Uptime: 0 days 9:09:29.725 Loading Kernel Symbols ............................................................... ................................................................ ............................. Loading User Symbols Loading unloaded module list ..... The context is partially valid. Only x86 user-mode context is available. The wow64exts extension must be loaded to access 32-bit state. .load wow64exts will do this if you haven't loaded it already. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck A, {fffffa8019c52010, 2, 1, fffff80003135e96} Probably caused by : Unknown_Image ( nt!MiReleaseConfirmedPageFileSpace+86 ) Followup: MachineOwner --------- 16.0: kd:x86> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* IRQL_NOT_LESS_OR_EQUAL (a) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If a kernel debugger is available get the stack backtrace. Arguments: Arg1: fffffa8019c52010, memory referenced Arg2: 0000000000000002, IRQL Arg3: 0000000000000001, bitfield : bit 0 : value 0 = read operation, 1 = write operation bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status) Arg4: fffff80003135e96, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: fffffa8019c52010 CURRENT_IRQL: 0 FAULTING_IP: nt!MiReleaseConfirmedPageFileSpace+86 fffff800`03135e96 48 dec eax DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT BUGCHECK_STR: 0xA LAST_CONTROL_TRANSFER: from 0000000000000000 to 0000000000000000 STACK_TEXT: 00000000 00000000 00000000 00000000 00000000 0x0 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: nt!MiReleaseConfirmedPageFileSpace+86 fffff800`03135e96 48 dec eax SYMBOL_NAME: nt!MiReleaseConfirmedPageFileSpace+86 FOLLOWUP_NAME: MachineOwner DEBUG_FLR_IMAGE_TIMESTAMP: 0 IMAGE_NAME: Unknown_Image BUCKET_ID: INVALID_KERNEL_CONTEXT MODULE_NAME: Unknown_Module Followup: MachineOwner Otl: Code:
ATTFilter OTL logfile created on: 09.03.2013 14:51:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\123456\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free 15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe PRC - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:24:04 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012.03.01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe PRC - [2010.11.16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe ========== Modules (No Company Name) ========== MOD - [2013.02.19 16:24:48 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2013.02.19 16:24:48 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll MOD - [2013.02.15 11:22:29 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\e0c821e627baf606525b6ced41023f7a\System.Web.ni.dll MOD - [2013.02.15 11:22:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.02.15 10:36:45 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013.02.11 01:51:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.02.10 23:43:07 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.02.10 23:43:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.02.10 23:43:02 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.02.10 23:43:00 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.02.10 23:42:59 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.02.10 23:42:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.02.10 23:42:58 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.02.10 23:42:55 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.11.20 01:03:02 | 000,812,544 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe MOD - [2012.04.26 14:38:30 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.03.08 14:37:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 15:30:59 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.19 16:24:48 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2013.02.12 16:25:40 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:24:04 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.08 13:45:51 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.31 13:36:46 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.16 13:01:38 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2010.11.16 14:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.12.24 21:15:58 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.11 16:24:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 16:24:01 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.29 06:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.08.29 15:56:50 | 000,139,264 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\camfilt2.sys -- (camfilt2) DRV:64bit: - [2007.07.13 11:45:24 | 000,172,928 | ---- | M] (OmniVision Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ov530vx.sys -- (OM0530) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 6E E5 B9 C5 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r= IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FC866619-3B7A-4B7A-814E-F67001387215}&mid=eb32383579de47d08cf7125819465495-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=bm012&pr=sa&d=2012-12-16 22:01:35&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/| mydealz.de" FF - prefs.js..extensions.enabledAddons: spam%40trashmail.net:2.6.2 FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\123456\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.19 16:25:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:37:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.18 19:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Extensions [2013.03.03 21:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions [2013.02.28 19:53:33 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\123456\AppData\Roaming\mozilla\Firefox\Profiles\wxyhjvea.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.09 11:28:24 | 000,020,667 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\firefox1@myibay.com.xpi [2012.12.30 21:44:10 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\spam@trashmail.net.xpi [2013.03.03 21:40:46 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 21:03:55 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.23 20:01:23 | 000,001,919 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\leo-deu-fra.xml [2012.11.24 13:38:48 | 000,002,057 | ---- | M] () -- C:\Users\123456\AppData\Roaming\mozilla\firefox\profiles\wxyhjvea.default\searchplugins\youtube-videosuche.xml [2013.03.08 14:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 14:37:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.19 16:25:19 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.t-online.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.t-online.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\123456\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\123456\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: Docs = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Security Toolbar = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ CHR - Extension: Google Mail = C:\Users\123456\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [iFunBoxConnector] C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20E6F76C-33E3-48C8-9FFA-FF2279BACD37}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CEB6A0-7F0E-4479-BF60-43500C3A5D1B}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.08 22:57:22 | 000,000,089 | R--- | M] () - D:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.07.14 05:08:11 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell - "" = AutoRun O33 - MountPoints2\{89737294-4db5-11e2-a88a-b80bedbf7b18}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun O33 - MountPoints2\{902f3af6-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell - "" = AutoRun O33 - MountPoints2\{902f3b1a-71e5-11e2-b562-e34f4a374765}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell - "" = AutoRun O33 - MountPoints2\{b4395aeb-3325-11e2-9cea-e7e261a91111}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009.07.14 05:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c595932a-317c-11e2-a65d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.06.08 22:57:22 | 001,680,744 | R--- | M] (Hewlett-Packard Co.) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.09 14:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe [2013.03.08 23:35:12 | 000,000,000 | ---D | C] -- C:\websymbols [2013.03.08 23:29:27 | 000,000,000 | ---D | C] -- C:\symbols [2013.03.08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86) [2013.03.08 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Debugging Tools for Windows (x86) [2013.03.08 22:50:53 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\ElevatedDiagnostics [2013.03.08 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\HpUpdate [2013.03.08 16:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.03.08 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.03.08 16:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2013.03.08 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.03.08 16:02:46 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\HP [2013.03.08 14:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 13:50:44 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Paris [2013.03.06 14:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.06 14:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.06 10:46:05 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.03.06 10:45:59 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Google [2013.03.02 16:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.02 16:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.28 19:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.28 12:39:04 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.02.24 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.24 22:26:40 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\kuaiyong [2013.02.24 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong [2013.02.22 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.20 15:31:06 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.20 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013.02.11 00:02:38 | 000,000,000 | ---D | C] -- C:\Download [2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Roaming\Samsung [2013.02.11 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\123456\Documents\My Videos [2013.02.11 00:02:22 | 000,000,000 | ---D | C] -- C:\AllShare [2013.02.11 00:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.02.11 00:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.02.10 23:40:00 | 000,000,000 | ---D | C] -- C:\Users\123456\AppData\Local\Downloaded Installations [2013.02.08 13:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2013.02.08 13:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner [2013.02.08 13:46:08 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.02.08 13:46:08 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.02.08 13:46:08 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.02.08 13:46:08 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.02.08 13:46:08 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.02.08 13:46:04 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.02.08 13:46:04 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2013.02.08 13:46:04 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.02.08 13:46:04 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.02.08 13:46:04 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [2013.02.08 13:45:59 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.02.08 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner [2013.02.08 13:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2013.02.07 20:33:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.07 20:33:13 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.07 20:33:12 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.07 20:33:12 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.07 20:33:12 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.07 20:33:12 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.07 20:33:09 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.07 20:33:09 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.07 20:33:08 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.07 20:33:08 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.07 20:33:08 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.07 20:33:07 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.07 20:33:07 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.07 20:33:07 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.07 20:33:03 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.07 20:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.07 20:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.07 20:29:52 | 000,000,000 | ---D | C] -- C:\Users\123456\Desktop\Audio(6559) [2013.02.07 19:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.07 19:15:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.09 14:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\123456\Desktop\OTL.exe [2013.03.09 14:49:56 | 000,000,178 | ---- | M] () -- C:\Users\123456\defogger_reenable [2013.03.09 14:49:09 | 000,050,477 | ---- | M] () -- C:\Users\123456\Desktop\Defogger.exe [2013.03.09 14:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.09 13:55:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 12:39:30 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 12:39:09 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.09 12:39:09 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.09 12:39:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.09 12:39:09 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.09 12:39:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.09 12:32:04 | 000,001,962 | ---- | M] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.09 12:31:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.09 12:31:37 | 2064,932,863 | -HS- | M] () -- C:\hiberfil.sys [2013.03.08 22:49:20 | 581,628,762 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.08 17:36:58 | 000,353,914 | ---- | M] () -- C:\Users\123456\Documents\Scan0001.jpg [2013.03.08 16:04:12 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.06 22:48:03 | 000,017,118 | ---- | M] () -- C:\Users\123456\Desktop\Fr. Revolution.odt [2013.03.06 15:56:35 | 000,002,366 | ---- | M] () -- C:\Users\123456\Desktop\Google Chrome.lnk [2013.03.06 10:55:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.04 21:32:42 | 000,587,518 | ---- | M] () -- C:\Users\123456\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:46:30 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.20 15:31:06 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.19 16:24:48 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.02.15 14:55:26 | 004,917,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.15 11:42:50 | 000,015,308 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt [2013.02.11 17:38:19 | 000,013,388 | ---- | M] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt [2013.02.10 23:44:43 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.08 13:46:20 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.02.08 13:46:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.08 13:45:52 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2013.02.08 13:45:52 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2013.02.08 13:45:52 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys [2013.02.08 13:45:52 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2013.02.08 13:45:52 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys [2013.02.08 13:45:52 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys [2013.02.08 13:45:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys [2013.02.08 13:45:52 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys [2013.02.08 13:45:52 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2013.02.08 13:45:52 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys [2013.02.08 13:45:52 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.09 14:49:56 | 000,000,178 | ---- | C] () -- C:\Users\123456\defogger_reenable [2013.03.09 14:49:08 | 000,050,477 | ---- | C] () -- C:\Users\123456\Desktop\Defogger.exe [2013.03.08 17:36:58 | 000,353,914 | ---- | C] () -- C:\Users\123456\Documents\Scan0001.jpg [2013.03.08 16:06:30 | 000,001,962 | ---- | C] () -- C:\Users\123456\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series (Netzwerk).lnk [2013.03.08 16:04:12 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk [2013.03.08 16:03:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.06 19:47:23 | 000,017,118 | ---- | C] () -- C:\Users\123456\Desktop\Fr. Revolution.odt [2013.03.06 10:46:05 | 000,002,366 | ---- | C] () -- C:\Users\123456\Desktop\Google Chrome.lnk [2013.03.06 10:45:59 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000UA.job [2013.03.06 10:45:59 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-292015937-2432269509-3246440885-1000Core.job [2013.03.04 20:03:16 | 000,587,518 | ---- | C] () -- C:\Users\123456\Desktop\PP.odp [2013.03.02 16:24:52 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.28 19:35:38 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.28 19:35:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.24 23:01:41 | 581,628,762 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.10 20:20:06 | 000,015,308 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (7).odt [2013.02.10 19:53:13 | 000,013,388 | ---- | C] () -- C:\Users\123456\Desktop\OpenDocument Text (neu) (6).odt [2013.02.08 13:46:20 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2013.02.08 13:46:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf [2013.02.07 20:33:10 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.02.07 20:33:08 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.13 22:25:32 | 000,068,114 | ---- | C] () -- C:\Users\123456\AppData\Local\RAContactHistory.xml [2013.01.08 02:07:11 | 000,000,600 | ---- | C] () -- C:\Users\123456\AppData\Roaming\winscp.rnd [2012.12.16 12:24:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.16 12:24:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.11.19 00:46:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.18 23:52:07 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.26 23:10:44 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.20 23:36:27 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Lite [2012.12.24 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\DAEMON Tools Pro [2012.11.26 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Exif Viewer [2013.02.24 23:35:51 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\iFunbox_UserCache [2012.11.24 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\ImgBurn [2013.02.24 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\kuaiyong [2012.11.19 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\OpenOffice.org [2012.11.26 23:57:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PDAppFlex [2013.01.13 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\PeerNetworking [2013.01.08 00:15:52 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\redsn0w [2013.02.11 00:02:29 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Samsung [2012.12.27 02:21:42 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Sinvise Systems [2012.11.19 15:51:43 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\Tibia [2012.12.06 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\123456\AppData\Roaming\TibiaTestserver ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.03.2013 14:51:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\123456\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,42% Memory free 15,79 Gb Paging File | 14,05 Gb Available in Paging File | 88,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 923,52 Gb Total Space | 643,49 Gb Free Space | 69,68% Space Free | Partition Type: NTFS Drive D: | 264,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: 123456-1337 | User Name: 123456 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053021BC-3A73-4571-A71D-58C7C7F23756}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F55DD08-5895-4C29-B719-50340825EC3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{15707B41-A6BF-4714-BFC4-D1E11B1B90AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{283E31E2-3CAD-4ACB-9419-DE0C506E2996}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2943C098-9DEF-48A4-91BB-3285D372759E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2B6E7930-CA28-49DB-9112-E614DB8229C7}" = lport=10243 | protocol=6 | dir=in | app=system | "{300E894B-94DF-473A-ACB1-8FC17395898B}" = rport=139 | protocol=6 | dir=out | app=system | "{350B5882-14E7-4330-A073-A79AA4B7A162}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43995612-DAB4-4A44-BA7C-B1E7EE4B3A27}" = rport=137 | protocol=17 | dir=out | app=system | "{4CAC9D90-3803-4157-AB87-6EEA6666362F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E950FF8-422D-467F-B0B7-BB0EB4EF086F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5E10DA0E-4C85-4E38-B512-B981503BDAC1}" = lport=138 | protocol=17 | dir=in | app=system | "{60E7769D-D5BD-4B3B-81DA-48AB53F1EC6A}" = lport=2869 | protocol=6 | dir=in | app=system | "{6FE7BF2A-7BEE-4EF1-83ED-89A78ED3ED43}" = rport=138 | protocol=17 | dir=out | app=system | "{88A29686-A185-41CD-BBF5-3E63787BAAB0}" = lport=445 | protocol=6 | dir=in | app=system | "{9AE67F65-96BE-4B41-AC9B-4D14B8032A77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A83CF617-F190-4A36-A63C-A2F24407EB6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AD0B5AD0-D10A-409F-9A0C-343030ACB703}" = lport=139 | protocol=6 | dir=in | app=system | "{B4F28FC9-2A2F-456D-B733-951F1E3242B7}" = rport=10243 | protocol=6 | dir=out | app=system | "{C90674FA-D8F2-4370-8F38-9E4E3282AD20}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DDEFB871-2EFA-46F2-A07A-1AAC90271D83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E02923A8-A5DF-48BD-A45A-02C1F9AC5E90}" = rport=445 | protocol=6 | dir=out | app=system | "{F7B0FD78-0CAC-4A5B-B041-EA0E365A619E}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0122FFF5-CC38-4080-8AA5-F8D36945B3E0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{012C5751-D7D7-4719-99BC-B7352BFA1B3C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{039B95B0-1F6A-4A28-8DEC-93B876E4931C}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | "{0B04AD3D-8922-4A25-8DC6-CF0A6FAF8E5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{15ABBDD8-494D-4FFA-891D-AD14EE3740A8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1A46DABE-8EAB-4FEB-8FD6-567995A6C79F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{21123BB5-D2C4-46BD-A728-A642AE94E5F7}" = protocol=17 | dir=in | app=c:\games\steam\steam.exe | "{21C049CB-6AAA-453A-BD6A-8BB6EBF6FC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3077894C-0622-486E-8E5C-FF3EE9854965}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{33F7CAEE-519E-4FC6-86F2-77B3D00D6648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A1471BB-AA46-4BE6-8C8F-6FDEFE99ABD3}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{3DE54BFB-6D25-4B19-AAF4-047D7A1F998F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{434C00C1-4749-4BCA-820D-2FB41E45D0FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{554F570F-133C-4330-A9E8-FB7242E58EE7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{563C28E1-76DE-4D73-868F-052F8BED87E2}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{5856E4DD-7F92-4551-B875-D6CB6C83E042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5E8159B4-9FD2-441A-95FA-76EE4A09EFFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BE4A59F-B34A-4466-8AB6-0C56C2A56057}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{71E45D27-31CC-4730-BE48-A56692121C65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{73128491-9DD5-421C-BCE2-0359F9DA58D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7927B586-507F-43EB-A9D0-F8DBE826D5C1}" = protocol=6 | dir=out | app=system | "{7A89C7DA-6837-4134-B26F-7F48C0CDAAD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7E8D00E0-E1D1-42BB-B17C-BA4AFFF3EBC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8D0429AF-3A6F-42B8-AAE7-CA5911E69405}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{8E65950E-9D1D-4FB1-B0B0-B39CD3617503}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{9495EE16-58D2-4A44-969D-4829B889817B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96923E0B-EBCA-44C8-8AD1-AA3DB8D88199}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9A8B5C51-3B17-4662-B5C1-31A74352E5E0}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\assassinscreed3.exe | "{9FD37AAF-59B4-4A94-AA89-AE68A85CD85C}" = protocol=6 | dir=in | app=c:\games\steam\steam.exe | "{A7AABFE5-7AC9-462A-B7C8-77757DE21552}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4FE85CD-F5C5-4E12-94BB-47CC18018FD5}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{B69F3E62-8B4E-48D4-9FFB-0E8B435FFD0B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | "{B8282693-2821-43DA-A43E-722A7FA4F7E5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{BA465E06-0849-4F6D-AAFD-88243EB91B37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BAB37B7E-6DBD-4B9E-87BF-0DAF8DACCDAC}" = protocol=6 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3sp.exe | "{C07ECAE5-9945-4C04-8CE7-94AEA5360076}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C25A9A95-1CEB-49C3-8E1F-F706E52FFDF7}" = protocol=17 | dir=in | app=c:\games\ubisoft\assassin's creed iii\ac3mp.exe | "{CF5A42C1-F21E-47C2-9D4F-63038D7F3B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0A656A1-224B-49CB-A250-A0A2B416B57D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DB2B7EEB-93B4-4E57-89B2-1DCDBE01EE3D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DFA7B3B7-10E4-4D01-9377-5D5383A8721A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E07C5DCB-DAB1-4FD4-8C9E-CA15BB760CF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E4B87756-15AB-43D8-960D-534F390F375D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F4668864-E835-4ABD-9B62-02B34D64057C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FA10C69C-8A54-4C70-A04A-AFABC712E04D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{2B6AC03A-2502-4B77-A13D-01F42EC50B6F}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{39C36E42-904F-419D-AD8D-CD6FDA551578}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "TCP Query User{6D46F09B-7858-4985-9A0C-B91D1C644203}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{8B899B12-8CF1-4FFF-938B-7DA480BCD6A4}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "TCP Query User{8D951E8D-AA47-4713-92D6-9008401A9139}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "TCP Query User{C56881E8-C579-4E6B-A9FC-26946FB4A033}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | "UDP Query User{03020424-C7B2-492E-9D72-ED61D074C143}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | "UDP Query User{4170BF26-1313-4EB4-917A-847A236435A2}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{691CAF05-E065-454C-A7A5-0A1F3A045F2B}C:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_30\bin\javaw.exe | "UDP Query User{8C171452-ED85-4FEA-84A6-100EE3FDDD91}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{98B95902-0274-4976-8257-619706FA4A94}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{A1BCAD17-DA54-4C60-88C1-163D6AF6F7FD}C:\program files (x86)\jdownloader\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D8057953-CCF0-48B3-B61D-762C580B2A10}" = HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0630-0716-3135-7887" = JDownloader 2 "MediaInfo" = MediaInfo 0.7.61 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Hilfe "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EBBE64F6-7E23-5857-891F-045560AECC7F}" = Application Profiles "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Pro" = DAEMON Tools Pro "Exif-Viewer" = Exif-Viewer 2.51 "Hitman Absolution Deutsch Patch-TokZic 1.00" = Hitman Absolution Deutsch Patch-TokZic 1.00 "iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam "ImgBurn" = ImgBurn "InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "mIRC" = mIRC "Mobile Partner" = Mobile Partner "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NeroVision!UninstallKey" = Nero Digital "PunkBusterSvc" = PunkBuster Services "Tibia Testserver_is1" = Tibia Testserver "Tibia_is1" = Tibia "Uplay" = Uplay "VLC media player" = VLC media player 2.0.4 "WinLiveSuite" = Windows Live Essentials "winscp3_is1" = WinSCP 5.1.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.03.2013 18:02:47 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4f8350e0 Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.586, Zeitstempel: 0x504833fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000017faac ID des fehlerhaften Prozesses: 0xc58 Startzeit der fehlerhaften Anwendung: 0x01ce1c488e4e1f44 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll Berichtskennung: e903c05d-883b-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 18:03:24 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10 Description = Error - 08.03.2013 19:50:18 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051e2c ID des fehlerhaften Prozesses: 0x25e4 Startzeit der fehlerhaften Anwendung: 0x01ce1c57afafe452 Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\RPCRT4.dll Berichtskennung: ee18ca03-884a-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 20:44:31 | Computer Name = 123456-1337 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x777ddfe4] Bitte Avira informieren und die obige Datei übersenden! Error - 08.03.2013 20:58:31 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000051cd6 ID des fehlerhaften Prozesses: 0x2e08 Startzeit der fehlerhaften Anwendung: 0x01ce1c61311a949d Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Berichtskennung: 75497a31-8854-11e2-a5e3-e2d20d316c67 Error - 08.03.2013 20:58:56 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Name des fehlerhaften Moduls: HPNetworkCommunicator.exe, Version: 25.0.571.0, Zeitstempel: 0x4df02205 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000035c0 ID des fehlerhaften Prozesses: 0x2e08 Startzeit der fehlerhaften Anwendung: 0x01ce1c61311a949d Pfad der fehlerhaften Anwendung: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Pfad des fehlerhaften Moduls: C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPNetworkCommunicator.exe Berichtskennung: 845e722e-8854-11e2-a5e3-e2d20d316c67 Error - 09.03.2013 07:33:30 | Computer Name = 123456-1337 | Source = WinMgmt | ID = 10 Description = Error - 09.03.2013 09:13:02 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001e59a ID des fehlerhaften Prozesses: 0x700 Startzeit der fehlerhaften Anwendung: 0x01ce1cb9baa2c761 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 121848f6-88bb-11e2-8062-efac97c2646d Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000003700 ID des fehlerhaften Prozesses: 0x64c Startzeit der fehlerhaften Anwendung: 0x01ce1cc7f895e515 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 36b71363-88bb-11e2-8062-efac97c2646d Error - 09.03.2013 09:27:38 | Computer Name = 123456-1337 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9db Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000011f82 ID des fehlerhaften Prozesses: 0x1bfc Startzeit der fehlerhaften Anwendung: 0x01ce1cc81cfd1066 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: c:\windows\system32\sysmain.dll Berichtskennung: 1c3c0d25-88bd-11e2-8062-efac97c2646d [ System Events ] Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 17:59:00 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error - 08.03.2013 18:01:42 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error - 09.03.2013 07:32:06 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 09.03.2013 09:13:03 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 09.03.2013 09:14:04 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 09.03.2013 09:27:39 | Computer Name = 123456-1337 | Source = Service Control Manager | ID = 7034 Description = Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. < End of report > |
Themen zu Ständiger Firefox Absturz und Bluescreen - Mögliche Malware? |
absturz, adobe reader xi, antivir, autorun, avg secure search, avg security toolbar, bluescreen, bluescreen kmode_exception_not_handled, bonjour, ccc.exe, computer, fehler, firefox, flash player, install.exe, jdownloader, logfile, malware, mozilla, msvcrt, netzwerk, plug-in, realtek, registry, rundll, secure search, security, software, svchost.exe, vtoolbarupdater |