|
Alles rund um Windows: Mehrfach plötzlicher PC-Absturz, BluescreenWindows 7 Hilfe zu allen Windows-Betriebssystemen: Windows XP, Windows Vista, Windows 7, Windows 8(.1) und Windows 10 / Windows 11- als auch zu sämtlicher Windows-Software. Alles zu Windows 10 ist auch gerne willkommen. Bitte benenne etwaige Fehler oder Bluescreens unter Windows mit dem Wortlaut der Fehlermeldung und Fehlercode. Erste Schritte für Hilfe unter Windows. |
28.04.2013, 13:51 | #1 |
| Problem: Mehrfach plötzlicher PC-Absturz, Bluescreen Hallo Gemeinde, ich hab seit heute morgen das Problem, dass mein PC immer mal wieder plötzlich abstürzt. Dabei zeigt er mir einen Bluescreen an und fährt dann neu hoch, wobei er fragt ob er Windows normal hochfahren soll oder ob im Abgesicherten Modus. Ich hatte das Problem schon einmal und da hab ich mir neue RAM-Bausteine gekauft (letztes Jahr im September) und seit dem war wieder Ruhe - bis jetzt. Bin mir jetzt nicht sicher, ob das ganze schon wieder an den RAM-Steinen liegt, daher mein Hilfegesuch an euch. Unten findet ihr noch die OTL und die Extras, nach der Anleitung von Trojaner-Board. Vielleicht könnt ihr mir ja helfen... ****************************OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2013 14:09:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 80,92% Memory free 15,99 Gb Paging File | 14,23 Gb Available in Paging File | 88,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,10 Gb Total Space | 47,90 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive D: | 149,95 Gb Total Space | 46,68 Gb Free Space | 31,13% Space Free | Partition Type: NTFS Drive E: | 215,61 Gb Total Space | 137,54 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.28 14:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.03 16:35:18 | 000,843,704 | ---- | M] (Samsung) -- E:\Tools\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.12.03 16:35:12 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- E:\Tools\Kies\Kies\KiesTrayAgent.exe PRC - [2012.12.03 16:35:10 | 000,967,608 | ---- | M] (Samsung) -- E:\Tools\Kies\Kies\Kies.exe PRC - [2012.08.09 09:12:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\AntiVir\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.27 09:13:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- E:\Tools\RealPlayer\Update\realsched.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\AntiVir\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\AntiVir\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- E:\Tools\AntiVir\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.03 19:19:42 | 000,863,360 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2012.04.03 19:19:40 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe PRC - [2012.04.02 16:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe ========== Modules (No Company Name) ========== MOD - [2013.02.16 10:13:47 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2013.01.09 21:26:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 20:13:55 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.09 20:13:42 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.09 20:13:37 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.09 20:13:36 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 20:13:33 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.09 20:13:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.09 20:13:30 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 20:13:25 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.12.12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV - [2013.03.13 01:00:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013.01.13 21:07:34 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\AntiVir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\AntiVir\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- E:\Tools\AntiVir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.10 22:04:17 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.03.10 22:04:17 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.27 10:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 10:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 10:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&k=0 IE - HKCU\..\SearchScopes\{448965D5-D9FF-4ECE-B700-7F9C1ADC7178}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{4AA8017F-C470-47D6-8EBA-49D3DB44851A}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{539BB1C5-2E72-4621-956B-C59527DB1272}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&k=0 IE - HKCU\..\SearchScopes\{9F9AB453-CDED-4996-B43F-BE0305ABA3F5}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{ADD256E1-673D-4AE8-AEF2-CA2DCBE2333A}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{BECDFAD9-9EA2-420B-B226-8367BBA2B2E4}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=f5dc8945-dc50-4686-8368-12ff7d3220f4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{CB965A69-7FBF-418C-853F-3ADF6EE02450}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Ask.com Search" FF - prefs.js..browser.search.order.1: "Ask.com Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.4 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=48de74e4-ec4d-4856-840e-c243e854f13a&apn_ptnrs=%5EABT&apn_sauid=B8A80B24-63DB-4B7D-B4B0-B8E94CE1A98C&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: e:\tools\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: e:\tools\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: e:\tools\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.22 10:24:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.22 10:24:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.28 08:04:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.04.27 11:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: E:\Tools\Mozilla\Thunterbird\components [2013.04.05 19:35:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: E:\Tools\Mozilla\Thunterbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tmbabtev.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tmbabtev.default\extensions\firejump@firejump.net [2013.01.13 21:08:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: E:\Tools\Mozilla\FireFox\components [2013.04.14 23:33:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: E:\Tools\Mozilla\FireFox\plugins [2013.04.14 23:33:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: E:\Tools\Mozilla\Thunterbird\components [2013.04.05 19:35:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: E:\Tools\Mozilla\Thunterbird\plugins [2011.12.29 14:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.27 11:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tmbabtev.default\extensions [2013.01.13 21:08:01 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tmbabtev.default\extensions\firejump@firejump.net [2013.01.14 20:47:09 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\extension@preispilot.com.xpi [2012.06.27 18:58:31 | 000,811,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\ffe_ff3ff4@game-point.net.xpi [2012.11.21 22:45:15 | 001,230,904 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\Office2007Black@JBBS.xpi [2013.04.27 11:37:22 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\personas@christopher.beard.xpi [2013.03.30 20:38:16 | 000,609,882 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi [2013.04.25 20:06:49 | 001,360,815 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.14 19:48:43 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.20 08:04:02 | 000,002,306 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\searchplugins\askcomsearch.xml [2013.01.13 21:07:36 | 000,001,114 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\searchplugins\icqplugin.xml [2013.01.13 21:07:36 | 000,002,071 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\searchplugins\{6B3E0E8F-FF2B-40C8-B03F-979AFE1D8ED4}.xml [2013.01.13 21:07:36 | 000,002,182 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\searchplugins\{AF298D5F-A437-4903-A287-F6AD15F4F658}.xml [2013.01.13 21:07:36 | 000,001,864 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tmbabtev.default\searchplugins\{FDCABF9B-95BB-41C5-92D4-1195C2D6CB93}.xml [2013.02.28 08:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.04.14 23:33:40 | 000,000,000 | ---D | M] (Java Console) -- E:\TOOLS\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.14 23:33:40 | 000,000,000 | ---D | M] (Java Console) -- E:\TOOLS\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] E:\Tools\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [KiesTrayAgent] E:\Tools\Kies\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] e:\tools\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] E:\Tools\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" File not found O4 - HKCU..\Run: [KiesAirMessage] E:\Tools\Kies\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPDLR] E:\Tools\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] E:\Tools\Kies\Kies\Kies.exe (Samsung) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://E:\Tools\Office\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Tools\Office\Office10\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://E:\Tools\Office\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://E:\Tools\Office\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Tools\Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://E:\Tools\Office\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Tools\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Tools\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - E:\Tools\AntiVir\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B6D385-B8FE-4EE1-9EA2-0EBF8E42B894}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\cdo - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.28 14:08:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.27 11:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logitech [2013.04.27 11:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.04.27 11:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.04.27 11:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.04.19 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.04 18:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epson Software ========== Files - Modified Within 30 Days ========== [2013.04.28 14:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.28 14:07:10 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.28 14:06:27 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.28 14:02:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 14:02:59 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.28 13:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.28 13:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.28 13:54:14 | 791,708,519 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.28 13:54:13 | 2145,509,375 | -HS- | M] () -- C:\hiberfil.sys [2013.04.27 14:54:13 | 000,668,524 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.27 14:54:13 | 000,620,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.27 14:54:13 | 000,134,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.27 14:54:13 | 000,110,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.27 14:54:12 | 001,526,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.14 23:02:54 | 000,007,599 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2013.04.12 19:11:19 | 000,417,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.04.28 14:07:10 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.28 14:06:26 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.28 12:50:11 | 791,708,519 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.12 13:28:42 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2013.02.12 13:28:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2013.02.12 13:28:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2013.02.12 13:28:42 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2013.02.12 13:28:42 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2013.02.12 13:28:42 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2013.02.12 13:28:42 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2013.02.12 13:28:42 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2013.02.12 13:28:42 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2013.02.12 13:28:42 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2013.02.12 13:28:42 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2013.02.12 13:28:42 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2013.02.12 13:28:42 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2013.02.12 13:28:42 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2013.02.12 13:28:42 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2013.02.12 13:28:42 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2013.02.12 13:28:42 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2013.02.12 13:28:42 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2013.02.12 13:28:42 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2013.01.13 21:07:45 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.08.05 16:49:16 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 18:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 18:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 18:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 18:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.12.29 14:46:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.12.27 15:44:29 | 000,027,029 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.09.18 17:02:02 | 000,000,429 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.12 18:28:46 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.09 14:52:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2012.11.10 00:09:20 | 000,000,596 | ---- | M] () -- C:\Users\***\AppData\Roaming\Thunderbird\Profiles\e8zr3vgn.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.19 17:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2012.09.09 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology [2013.01.14 08:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo3 [2012.12.29 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo4 [2013.04.26 07:43:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ALFBanCo5 [2013.01.13 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon [2013.03.17 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2013.03.19 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.12.27 12:55:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IcoFX [2013.03.15 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.07.09 17:37:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.08.31 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2011.07.19 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS [2011.07.19 10:49:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.04.15 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2011.12.14 08:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.12.18 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.01.21 21:06:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools [2012.09.21 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE [2012.07.01 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2011.07.09 18:38:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.04.26 07:27:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TSR [2013.01.24 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > ********************OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2013 14:09:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,47 Gb Available Physical Memory | 80,92% Memory free 15,99 Gb Paging File | 14,23 Gb Available in Paging File | 88,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,10 Gb Total Space | 47,90 Gb Free Space | 47,85% Space Free | Partition Type: NTFS Drive D: | 149,95 Gb Total Space | 46,68 Gb Free Space | 31,13% Space Free | Partition Type: NTFS Drive E: | 215,61 Gb Total Space | 137,54 Gb Free Space | 63,79% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Tools\Mozilla\FireFox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "E:\Tools\Office\Word-Viewer\OFFICE11\msohtmed.exe" %1 htmlfile [print] -- "E:\Tools\Office\Word-Viewer\OFFICE11\msohtmed.exe" /p %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "E:\Tools\Cewe Fotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "E:\Tools\Cewe Fotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [Winamp.Bookmark] -- "E:\Tools\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Tools\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Tools\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "E:\Tools\Office\Word-Viewer\OFFICE11\msohtmed.exe" %1 htmlfile [print] -- "E:\Tools\Office\Word-Viewer\OFFICE11\msohtmed.exe" /p %1 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "E:\Tools\Cewe Fotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OnlineFotoservice] -- "E:\Tools\Cewe Fotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" () Directory [Winamp.Bookmark] -- "E:\Tools\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Tools\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Tools\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11B92742-46ED-401F-93E0-395033E39B9E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{266945A4-80FB-4181-8691-4AEB1595DAAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{27A9DC9E-EC2D-4454-B5ED-F4067CA0ABE9}" = lport=2869 | protocol=6 | dir=in | app=system | "{5171CC5D-D864-4598-BDF4-4A3A1E4B047A}" = lport=139 | protocol=6 | dir=in | app=system | "{55D2AB3F-3332-45D6-8D38-3AAFD7F72500}" = rport=445 | protocol=6 | dir=out | app=system | "{6678A0C1-CC7D-4108-ABE6-3C7AB33AE68A}" = rport=10243 | protocol=6 | dir=out | app=system | "{681946BF-7766-4CF8-9DD5-CC7BD953A949}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6CA53DB2-13C3-421C-83B0-EFD4975788AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F642B5C-FC99-4620-8C21-C61F522B9BD8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8118303A-61F9-4D90-8BD9-D3D6DF4D146D}" = lport=137 | protocol=17 | dir=in | app=system | "{9B9E551D-6E02-4E40-880C-D90287600698}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A6799423-112A-4C7A-9DA8-719189AA38F0}" = lport=138 | protocol=17 | dir=in | app=system | "{A9479587-2DB1-4C56-858D-B9C0516BC721}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AFC950E4-5548-4D2B-8910-009DC5E156A1}" = rport=137 | protocol=17 | dir=out | app=system | "{B23852A1-1C23-4DFE-A393-03EAEA26A7CE}" = lport=445 | protocol=6 | dir=in | app=system | "{B8D62471-A7CB-466C-B9B6-CA77804AA672}" = lport=10243 | protocol=6 | dir=in | app=system | "{D40CB3A8-EF18-4D94-99C1-F32E6E3C5BE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D447E35B-E233-4887-9689-DFB30CF1F82C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DC1BA6A7-955F-41C4-99AE-92A3E60A3AFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2240F1D-9432-4981-BA86-30AE6868746C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EC200054-6D3C-43D7-983E-8B2C336BE22A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED6BD4FE-DDA0-42A0-9CC7-012A3DD8456C}" = rport=138 | protocol=17 | dir=out | app=system | "{F946D069-A374-4076-96C6-C321E2E2A13C}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{054A460D-9939-4C14-9C77-677F0F3D17B2}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii\diablo iii.exe | "{05EBE6FF-073F-45C9-BE24-1A630D98D9CB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{07CE58C4-1363-40DB-9B41-4F6F16F718CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{087B2AD7-10FF-49DD-A60E-4A953C1C6F0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0DDAA286-E6C0-41ED-9C11-7BB9989668E2}" = protocol=6 | dir=in | app=d:\anno 2070\autopatcher.exe | "{0F3BBEB1-E530-4519-B49A-77266469A5CA}" = protocol=17 | dir=in | app=d:\anno 2070\initengine.exe | "{121B7E9F-3F9F-4288-8E20-11CB2C7A4CB0}" = protocol=6 | dir=in | app=d:\assassines creed 1\assassinscreed_dx10.exe | "{12314E60-0E64-4AE5-985F-CD753495050B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{13F6DED2-CD7B-42F3-B7C3-8C98E48303E8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{15A25BE0-4CD9-486E-B39B-BEA526683A78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FB10C9D-21F5-494A-B564-89E04F266EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{25A3E64C-FDD5-4E1E-996B-A399E2F2D34D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{28DD483B-AD49-4BCA-A3F5-B030A0E62B4C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3756433C-4051-475C-BE6D-B1F8E8BA015D}" = protocol=6 | dir=in | app=d:\assassines creed 1\assassinscreed_dx9.exe | "{3B95FE2C-17B6-4CEC-8A79-E11CDDA40130}" = protocol=17 | dir=in | app=d:\anno 1701\anno1701addon.exe | "{3BE10CE3-7FEF-4183-A659-D2F31C811FA4}" = protocol=17 | dir=in | app=e:\tools\icq\icq7.7\icq.exe | "{56EAAABE-AAC8-4415-9E06-B53567777317}" = protocol=6 | dir=in | app=e:\tools\icq\icq7.7\icq.exe | "{5ABC78ED-868F-4D8F-81BC-633E851E3F1E}" = protocol=6 | dir=in | app=d:\anno 1701\anno1701addon.exe | "{5F6B735A-F909-4977-96EF-78091B16CDF8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{60EAA4E7-3554-4C4B-B87E-6CDA3BE9FC70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{62BBE816-DED0-4B2D-AE98-FBE3A81E6A3D}" = protocol=6 | dir=in | app=d:\assassines creed 1\assassinscreed_launcher.exe | "{63AA45DF-8D6E-4782-93A9-70C368E1B8EB}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | "{64E81486-94AB-47DD-BBF8-B60A9EBD8FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66C1F48A-FE24-4700-B2BD-AE46FCF85403}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{6B1E8D3B-4E9B-4EE4-867C-DD1D0237FD71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{6BDFC567-EEF8-4502-80A8-BB5107903A52}" = protocol=17 | dir=in | app=d:\assassines creed 1\assassinscreed_dx10.exe | "{6EFDFFDA-A20B-4F8E-BD5A-DBA66E790740}" = protocol=6 | dir=in | app=e:\tools\icq\icq7.7\icq.exe | "{7169AE0B-DB94-4209-8311-97E4E810C9E2}" = protocol=6 | dir=out | app=system | "{760700B4-5FCB-40D2-AE97-570E55825040}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{87C773CC-2159-438A-AC42-68335B04F247}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8B66D26F-8173-4E95-AB75-DDE39F6D66E7}" = protocol=17 | dir=in | app=d:\anno 2070\autopatcher.exe | "{8C3180E4-DE34-43D3-8983-4007620FF165}" = protocol=17 | dir=in | app=d:\dragon age\daoriginslauncher.exe | "{9494472C-FF7F-4FDC-8F15-E6A46A7BBF89}" = protocol=17 | dir=in | app=d:\assassines creed 1\assassinscreed_dx9.exe | "{A3476749-D8DE-4663-BBA3-D52F25C319C1}" = protocol=6 | dir=in | app=d:\dragon age\daoriginslauncher.exe | "{A507B1E6-2DBD-4D7D-8302-E290DA4DAE86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A913DB21-85BB-41F2-8B13-A52C47B265BE}" = protocol=6 | dir=in | app=d:\anno 2070\anno5.exe | "{ACF2A008-DDD7-435C-978B-E141483FFDA9}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii\diablo iii.exe | "{B3E4B0C5-2317-4DBB-935E-C24A12905AF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB5AD3D2-50C8-4B03-9AE1-9095C07E6444}" = protocol=17 | dir=in | app=d:\assassines creed 1\assassinscreed_launcher.exe | "{BDA2316F-519A-4502-8B28-9591A3F072D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BEAA0E72-B276-4105-97D2-046642B15177}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{C7E2B4AB-2205-4E5E-B2FE-96B20A85D743}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C9E42E4A-BE1A-48AD-939F-7C4CB16586B1}" = protocol=6 | dir=in | app=d:\anno 2070\initengine.exe | "{CAF36668-7E90-4B48-ACB8-09DF8CAB3C4F}" = protocol=17 | dir=in | app=d:\anno 2070\anno5.exe | "{D14FD65F-2D57-4028-B74E-B949298ABF0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E0970C1A-5B2D-46C4-A4E1-3A5CF1570C14}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{E50183E9-DB8B-491B-9DB9-A8FB741A29F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E769A2AC-045E-4F9D-8500-2C0DA14BAA26}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{E8D98306-5049-4821-B911-4B97E32DAD25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9EB6299-ECA1-4C4C-962E-475C6A99EC7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{EA54C94C-F501-488E-955F-8DBF89ED5B01}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F0F79812-1B43-4EFD-9D2E-0BA74E33E879}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F2305AA0-F6F5-40EF-9046-1C257F95E06F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{F4C61C9A-789A-430C-8A44-B9453FF2D951}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | "{FF496F4D-15EC-4ABC-8CC1-5D0A06BD2FE3}" = protocol=17 | dir=in | app=e:\tools\icq\icq7.7\icq.exe | "TCP Query User{0144CC49-C37C-4335-BE48-9A31923AF604}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{02416595-9BF5-4BC7-B8F6-61C61846E80B}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | "TCP Query User{4C9F9573-C9EC-4EA7-A867-D7DF507AD50B}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{552C70D0-F2E1-4820-85D0-7072A8CBAC20}E:\tools\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\tools\winamp\winamp.exe | "TCP Query User{5CA8C92C-9B36-41FB-86F4-4E57DD5D6E05}E:\tools\realplayer\realplay.exe" = protocol=6 | dir=in | app=e:\tools\realplayer\realplay.exe | "TCP Query User{818ABFEF-4F62-4164-9E87-5939EDD52F01}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{AE3BE5B7-AA52-48E8-AEA5-D5E264844C43}D:\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | "TCP Query User{B1944BC9-8EA7-42ED-A5AF-90AFD61D5236}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{CDBB8082-AF67-40B1-9FE8-F525D93D7F30}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{FA6ECC15-A2FE-4BD5-9598-DE6E4C87A6C2}D:\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno 1701\anno1701.exe | "UDP Query User{0882A0A9-C0E7-4A3D-BC65-8E34CF0EF3B4}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{493BBA51-05BF-411D-8CD4-0D76AAD07429}E:\tools\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\tools\winamp\winamp.exe | "UDP Query User{4BE6AF3B-CF15-47D7-A4ED-BC913EA479FB}E:\tools\realplayer\realplay.exe" = protocol=17 | dir=in | app=e:\tools\realplayer\realplay.exe | "UDP Query User{7B543A84-ABC9-4504-ACB4-B1DD085F30CB}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{850403FB-641E-4284-8985-657E1F1FF98B}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | "UDP Query User{9FADD282-8237-4841-8A1C-063D7396019B}D:\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | "UDP Query User{BEB677C1-DDF3-4F9B-8F51-6D10D50403C1}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{BF80279E-954D-4631-B8E7-EA7050E6488B}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{DF893FFF-5D60-4960-9E92-B9ABDF2B5D26}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{FF283D5B-449F-4988-8DAA-BBB84B4CFB6C}D:\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno 1701\anno1701.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit) "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "DesktopIconAmazon" = Desktop Icon für Amazon "EPSON WF-3520 Series" = EPSON WF-3520 Series Printer Uninstall "Logitech Gaming Software" = Logitech Gaming Software 8.45 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SearchAnonymizer" = SearchAnonymizer "sp6" = Logitech SetPoint 6.52 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{02A312B5-1542-47B6-BFE9-F51358C39E86}" = Epson Easy Photo Print 2 "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6547 Banner Remover 1.0 "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe "{39AF5C9F-9673-438F-BBF9-47690B989F7F}" = QuickSteuer 2012 "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires "{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8F01524C-0676-4CC1-B4AE-64753C723391}" = Epson Event Manager "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen "{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3CDAAD3-F806-4F2A-BACF-487AD2E5B3EB}" = QuickSteuer 2011 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Alf-BanCo4_is1" = ALF-BanCo 4 "Alf-BanCo5_is1" = ALF-BanCo 5 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "BurnAware Free_is1" = BurnAware Free 3.0.5 "CDex" = CDex - Open Source Digital Audio CD Extractor "Diablo II" = Diablo II "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "Epson Connect Guide" = Anleitung für Epson Connect "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.5.0 "IcoFX_is1" = IcoFX 1.6.4 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) "OnlineFotoservice" = OnlineFotoservice "Origin" = Origin "RealPlayer 15.0" = RealPlayer "RPG-SoundMixer_is1" = RPG-SoundMixer "S2TNG" = Die Siedler II - Die nächste Generation "Sacred Underworld_is1" = Sacred Underworld "Sacred_is1" = Sacred "vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only) "WF-3520 Series Netg" = Epson Netzwerkhandbuch WF-3520 Series "WF-3520 Series Useg" = Epson Benutzerhandbuch WF-3520 Series "Winamp" = Winamp "WonderWebWare CSS Menu Generator_is1" = WonderWebWare CSS Menu Generator 4.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MyFreeCodec" = MyFreeCodec "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.01.2013 16:53:19 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 13.01.2013 11:31:11 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 13.01.2013 19:30:18 | Computer Name = ***-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\Java\jre7\bin\tnameserv.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\Java\jre7\bin\tnameserv.exe" in Zeile 29. Ungültige XML-Syntax. Error - 15.01.2013 02:28:13 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.01.2013 02:02:13 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.01.2013 15:08:28 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 17.01.2013 14:20:42 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 18.01.2013 11:59:08 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 19.01.2013 05:14:50 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 19.01.2013 19:35:07 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 28.04.2013 07:56:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 < End of report > |
28.04.2013, 15:44 | #2 |
| Mehrfach plötzlicher PC-Absturz, Bluescreen Anleitung / Hilfe Für mich währen mehr Informationen über den Bluescreen hilfreich (Fehlermeldung), es währe übersichtlicher, wenn man die Logfiles in [code]-Tags einfügt und es kann sein, dass das im falschen Unterforum steht. Und entschuldigung, falls ich hier nicht Antworten darf.
__________________ |
28.04.2013, 15:54 | #3 |
| Mehrfach plötzlicher PC-Absturz, Bluescreen Details Hallo und danke für die Antwort!
__________________Hab unten mal die Fehlermeldungen von Windows reinkopiert. Das mit den Logfiles in [code]-Tags zu packen ist ne gute Idee, Danke fürs Anpassen! Wegen des Unterforum war ich mir nicht ganz sicher, daher hab ich mal im Forum mit der Suche geschaut, wo schon einmal Post mit nen Bluescreen gepostet wurden und darum hab ich den hier halt genommen. Wenn das falsch ist, bitte einfach in den Richtigen verschieben, sofern das möglich ist. Fehlermeldungen von Windows: Code:
ATTFilter Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.1.7601.2.1.0.768.3 Gebietsschema-ID: 1031 Zusatzinformationen zum Problem: BCCode: 50 BCP1: FFFFD8A00FA7C8C0 BCP2: 0000000000000001 BCP3: FFFFF880012D070C BCP4: 0000000000000007 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\042813-21652-01.dmp C:\Users\***\AppData\Local\Temp\WER-68858-0.sysdata.xml Lesen Sie unsere Datenschutzbestimmungen online: hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407 Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline: C:\Windows\system32\de-DE\erofflps.txt Code:
ATTFilter Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.1.7601.2.1.0.768.3 Gebietsschema-ID: 1031 Zusatzinformationen zum Problem: BCCode: 50 BCP1: FFFFD900C225A5C8 BCP2: 0000000000000000 BCP3: FFFFF9600016C0B7 BCP4: 0000000000000007 OS Version: 6_1_7601 Service Pack: 1_0 Product: 768_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\042813-17175-01.dmp C:\Users\***\AppData\Local\Temp\WER-63024-0.sysdata.xml Lesen Sie unsere Datenschutzbestimmungen online: hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407 Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline: C:\Windows\system32\de-DE\erofflps.txt |
28.04.2013, 16:21 | #4 |
| Lösung: Mehrfach plötzlicher PC-Absturz, Bluescreen Der Fehler liegtwahrscheinlich an der Festplatte. Teste die Festplatte mal. Könnte aber auch an sonstige Hardware zum Speichern liegen (RAM). Geändert von mort (28.04.2013 um 16:51 Uhr) |
28.04.2013, 17:04 | #5 |
| Wie Mehrfach plötzlicher PC-Absturz, Bluescreen Danke für die Info und die Hilfe Mal noch so ne Frage von einem völligen Noob: Wie kann ich die Festplatte denn prüfen? Gibts da ein bestimmtes Tool für oder kann ich das direkt mit Windows irgendwie machen? Kann man den RAM auch irgendwie auf Fehler checken? Denn wenns wieder der RAM ist, muss es doch irgendeinen Grund geben, warum der ständig defekt geht. |
28.04.2013, 17:38 | #6 |
| Wo Mehrfach plötzlicher PC-Absturz, Bluescreen Lösung! Windows 7 und Vista enthalten den Speichertester Windows Memory Diagnostics Tool. Bevor Sie das Programm starten, speichern Sie alle geöffneten Dateien, da es einen Neustart erfordert. Den Speichertester rufen Sie über den Befehl mdsched im Suchfeld des Startknopfs auf. Die Anwendung benötigt Administratorrechte. Wählen Sie anschließend die Option „Jetzt neu starten und nach Problemen suchen“. Nach dem Neustart beginnt das Testprogramm, selbsttätig die Speicherzellen zu prüfen. Der automatische Durchlauf dauert abhängig von der Speicherkapazität etwa zehn Minuten. Über die F1-Taste können Sie das Optionsmenü aufrufen und unter anderem die Testdauer verändern. Heise.de empfieht, die Durchlaufanzahl auf den Wert 0 (entspricht unendlich) zu setzen und das Memory Diagnostics Tool mindestens über Nacht laufen zu lassen. Meldet die Software keine Probleme, spricht das zwar für fehlerfreie RAM-Module, ist aber kein Beweis. Ein reines Software-Tool kann nicht alle möglichen Fehlerquellen für Bitfehler finden. |
28.04.2013, 17:41 | #7 |
| Mehrfach plötzlicher PC-Absturz, Bluescreen Alles klar, dann werd ich mal anfangen zu prüfen an was es genau liegt. Danke für die Hilfe |
Themen zu Mehrfach plötzlicher PC-Absturz, Bluescreen |
adobe reader xi, antivir, autorun, avira, avira searchfree toolbar, battle.net, bho, black, bluescreen, error, excel, fehler, firefox, flash player, format, google, home, install.exe, logfile, object, plug-in, problem, realtek, registry, richtlinie, rundll, scan, security, software, svchost.exe, udp, windows |