|
Plagegeister aller Art und deren Bekämpfung: Keine InternetverbindungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.07.2013, 11:54 | #1 |
| Keine Internetverbindung Hallo. Gerade macht mein eigener Laptop ein paar Probleme. Er verbindet sivh immer nur eingeschränkt mit dem wlan und überhäupt nicht über kabel. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03 (ATTENTION: FRST version is 21 days old) Ran by K.Badekow (administrator) on 02-07-2013 12:50:52 Running from D:\Rapidshare Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe () C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [170496 2013-04-13] (Sun Microsystems, Inc.) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd) HKCU\...\Policies\system: [disableregistrytools] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [1001472 2013-01-07] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9-x64 11 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default FF SelectedSearchEngine: Search the web (Babylon) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f�r BlackBerry App World\npappworld.dll () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Adobe InDesign\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-16] () S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2008-07-02] (iAnywhere Solutions, Inc.) R2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] () R2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH) S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-17] (DT Soft Ltd) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.) S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-06-29 22:04 - 2013-06-29 22:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:17 - 2013-06-29 21:17 - 00000000 ____D C:\Program Files\Adobe 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:56 - 2013-06-29 20:57 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-27 21:03 - 2013-06-27 21:05 - 00000000 ____D C:\tmp 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:22 - 2013-06-26 08:25 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:51 - 2013-06-24 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 10:35 - 2013-06-20 10:36 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-15 22:23 - 2013-06-15 22:24 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 15:06 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 15:06 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 15:06 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 15:06 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 15:06 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:01 - 2013-06-14 22:02 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:34 - 2013-06-12 08:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:53 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 22:53 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 22:53 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 22:53 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-11 19:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 19:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 19:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 19:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 19:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 19:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 19:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 19:31 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 19:31 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-05 06:24 - 2012-10-17 16:37 - 00397312 ____A (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-05 06:24 - 2011-09-28 09:18 - 00364544 ____A C:\Windows\SysWOW64\PropertyGrid.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00208500 ____A C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-06-05 06:24 - 2011-09-28 09:18 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00084512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00024576 ____A C:\Windows\SysWOW64\ControlSubX.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:10 - 2013-06-02 21:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== One Month Modified Files and Folders ======= 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:47 - 2012-02-16 21:41 - 00000000 ____D C:\ProgramData\MFAData 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-02 12:42 - 2013-05-02 23:57 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-07-02 12:42 - 2013-02-01 12:09 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Dropbox 2013-07-02 12:42 - 2013-01-19 15:23 - 00000431 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-07-02 12:42 - 2012-05-17 12:45 - 00000000 ____D C:\ProgramData\VMware 2013-07-02 12:41 - 2012-01-10 21:14 - 00094668 ____A C:\Windows\setupact.log 2013-07-02 12:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 11:21 - 2012-02-16 10:29 - 01971468 ____A C:\Windows\WindowsUpdate.log 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:17 - 2012-08-04 09:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-07-01 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-29 22:05 - 2013-06-29 22:04 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:19 - 2012-05-18 22:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-06-29 21:17 - 2013-06-29 21:17 - 00000000 ____D C:\Program Files\Adobe 2013-06-29 21:17 - 2012-05-15 20:49 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-06-29 21:17 - 2012-02-16 20:30 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Adobe 2013-06-29 21:16 - 2012-02-16 21:36 - 00000000 ____D C:\ProgramData\Adobe 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:57 - 2013-06-29 20:56 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 20:56 - 2012-10-02 09:22 - 593580212 ____A C:\Windows\MEMORY.DMP 2013-06-29 20:56 - 2012-10-02 09:22 - 00000000 ____D C:\Windows\Minidump 2013-06-29 20:53 - 2012-05-17 13:17 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VMware 2013-06-29 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-29 20:47 - 2012-05-17 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\VMware 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-28 10:51 - 2012-02-19 13:20 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\Adobe 2013-06-28 01:48 - 2012-03-11 15:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Skype 2013-06-27 22:31 - 2013-01-30 19:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-27 22:31 - 2012-03-11 15:27 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 21:59 - 2012-02-17 03:00 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\vlc 2013-06-27 21:05 - 2013-06-27 21:03 - 00000000 ____D C:\tmp 2013-06-27 21:03 - 2012-02-16 10:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VirtualStore 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 19:12 - 2013-04-27 12:49 - 00001992 ___AH C:\Users\K.Badekow\Documents\Default.rdp 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-27 10:30 - 2013-05-31 20:43 - 00010304 ____A C:\Users\K.Badekow\Desktop\mtl.ods 2013-06-26 14:11 - 2012-12-02 15:54 - 00068376 ____A C:\Users\K.Badekow\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-26 14:09 - 2013-02-09 22:44 - 00000000 ____D C:\Users\K.Badekow\Documents\Rudeloff 2013-06-26 14:05 - 2009-07-14 06:45 - 04930256 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 12:19 - 2012-02-16 21:36 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 11:59 - 2013-01-30 19:20 - 00000000 ____D C:\Users\K.Badekow\Documents\Betriebswirt 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:37 - 2012-02-16 10:36 - 00000000 ____D C:\users\K.Badekow 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:25 - 2013-06-26 08:22 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:22 - 2013-04-18 18:37 - 00000000 ____D C:\Users\K.Badekow\Documents\Handelsgesellschaft Badekow 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 20:46 - 2011-04-12 09:43 - 00713452 ____A C:\Windows\System32\perfh007.dat 2013-06-25 20:46 - 2011-04-12 09:43 - 00156276 ____A C:\Windows\System32\perfc007.dat 2013-06-25 20:46 - 2009-07-14 07:13 - 01659940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:52 - 2013-06-24 12:51 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-24 11:39 - 2012-02-16 21:43 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-06-24 11:39 - 2012-02-16 20:50 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 19:11 - 2013-04-19 22:50 - 00022318 ____A C:\Users\K.Badekow\Documents\Zeugnis Badekow2.odt 2013-06-20 10:36 - 2013-06-20 10:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-17 13:50 - 2010-11-21 05:47 - 00132972 ____A C:\Windows\PFRO.log 2013-06-15 22:24 - 2013-06-15 22:23 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 22:24 - 2012-02-16 20:28 - 00000000 ____D C:\Users\K.Badekow\.dvdcss 2013-06-15 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:02 - 2013-06-14 22:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:35 - 2013-06-12 08:34 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:54 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 22:00 - 2012-12-13 21:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\PokerStars.EU 2013-06-11 21:17 - 2012-04-05 22:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 21:17 - 2012-02-16 20:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-08 16:08 - 2013-06-15 15:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 15:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 15:06 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-04 17:41 - 2013-04-09 20:59 - 00000000 ____D C:\ProgramData\Lexware 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:11 - 2013-06-02 21:10 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 20:36 End of log Viele Grüße und vielen Dank Kay Geändert von Teronius (02.07.2013 um 12:12 Uhr) |
02.07.2013, 12:11 | #2 |
/// the machine /// TB-Ausbilder | Keine Internetverbindung Hi,
__________________bitte noch das machen: Downloade dir bitte Farbar Service Scanner
Poste bitte den Inhalt hier. Downloade dir bitte Farbar's MiniToolBox auf deinen Desktop und starte das Tool Setze einen Haken bei folgenden Einträgen
__________________ |
02.07.2013, 12:28 | #3 |
| Keine InternetverbindungCode:
ATTFilter Farbar Service Scanner Version: 27-06-2013 Ran by K.Badekow (administrator) on 02-07-2013 at 13:22:19 Running from "C:\Users\K.Badekow\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Code:
ATTFilter MiniToolBox by Farbar Version: 16-06-2013 Ran by K.Badekow (administrator) on 02-07-2013 at 13:23:11 Running from "C:\Users\K.Badekow\Desktop" Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Aufl攕ungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 hl2rcv.adobe.de 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 209.34.83.73:443 127.0.0.1 209.34.83.73:43 127.0.0.1 209.34.83.73 There are 61 more lines starting with "127.0.0.1" ========================= IP Configuration: ================================ VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected) VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected) VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected) NCP Secure Client Virtual NDIS6 Adapter = LAN-Verbindung 2 (Hardware not present) Atheros AR8151 PCI-E Gigabit Ethernet Controller = LAN-Verbindung (Media disconnected) Atheros AR5B97 Wireless Network Adapter = Drahtlosnetzwerkverbindung (Media disconnected) # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled set interface interface="LAN-Verbindung 2" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0 add address name="VMware Network Adapter VMnet1" address=192.168.137.1 mask=255.255.255.0 add address name="VMware Network Adapter VMnet8" address=192.168.219.1 mask=255.255.255.0 popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : Tero Prim剅es DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Broadcast IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein Tunneladapter LAN-Verbindung* 3: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Microsoft-Teredo-Tunneling-Adapter Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Server: UnKnown Address: 127.0.0.1 Ping-Anforderung konnte Host "google.com" nicht finden. 歜erpr乫en Sie den Namen, und versuchen Sie es erneut. Server: UnKnown Address: 127.0.0.1 Ping-Anforderung konnte Host "yahoo.com" nicht finden. 歜erpr乫en Sie den Namen, und versuchen Sie es erneut. Ping wird ausgef乭rt f乺 127.0.0.1 mit 32 Bytes Daten: Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Ping-Statistik f乺 127.0.0.1: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms =========================================================================== Schnittstellenliste 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Microsoft-Teredo-Tunneling-Adapter =========================================================================== IPv4-Routentabelle =========================================================================== Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 =========================================================================== St刵dige Routen: Keine IPv6-Routentabelle =========================================================================== Aktive Routen: If Metrik Netzwerkziel Gateway 1 306 ::1/128 Auf Verbindung 1 306 ff00::/8 Auf Verbindung =========================================================================== St刵dige Routen: Keine ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.) Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.) x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.) ========================= Event log errors: =============================== Application errors: ================== Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/02/2013 00:59:42 PM) (Source: DCOM) (User: ) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (07/02/2013 00:43:07 PM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:02:53 AM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:00:43 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist f黵 "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/01/2013 10:52:22 AM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/29/2013 10:50:05 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist f黵 "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/29/2013 10:05:44 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:03:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:23 PM) (Source: ipnathlp) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-02-20 19:22:40.185 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:40.162 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.487 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.466 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.657 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.635 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.729 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.708 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.706 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.686 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. =========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 8.2.1) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe AIR (Version: 3.7.0.1530) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Help Manager (Version: 4.0.244) Adobe InDesign CS5 (Version: 7.0) Adobe Media Player (Version: 1.8) Adobe Photoshop CS5 (Version: 12.0) Adobe Photoshop Lightroom 4 64-bit (Version: 4.0.1) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Adobe� Content Viewer (Version: 3.1.0) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD APP SDK Runtime (Version: 10.0.851.4) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80328.2204) Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) AVG 2013 (Version: 13.0.3204) AVG 2013 (Version: 13.0.3345) AVG 2013 (Version: 2013.0.3345) AviSynth 2.5 Bandicam (Version: 1.8.6.321) Bandisoft MPEG-1 Decoder BlackBerry Desktop Software 7.1 (Version: 7.1.0.32) Browser-Plug-In f黵 BlackBerry App World (Version: 4.2.1.8) Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon LBP7010C/7018C Canon MP Navigator EX 4.0 CanoScan LiDE 110 Scanner Driver Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (Version: 2013.0328.2218.38225) CCC Help Chinese Standard (Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (Version: 2013.0328.2217.38225) CCC Help Czech (Version: 2013.0328.2217.38225) CCC Help Danish (Version: 2013.0328.2217.38225) CCC Help Dutch (Version: 2013.0328.2217.38225) CCC Help English (Version: 2013.0328.2217.38225) CCC Help Finnish (Version: 2013.0328.2217.38225) CCC Help French (Version: 2013.0328.2217.38225) CCC Help German (Version: 2013.0328.2217.38225) CCC Help Greek (Version: 2013.0328.2217.38225) CCC Help Hungarian (Version: 2013.0328.2217.38225) CCC Help Italian (Version: 2013.0328.2217.38225) CCC Help Japanese (Version: 2013.0328.2217.38225) CCC Help Korean (Version: 2013.0328.2217.38225) CCC Help Norwegian (Version: 2013.0328.2217.38225) CCC Help Polish (Version: 2013.0328.2217.38225) CCC Help Portuguese (Version: 2013.0328.2217.38225) CCC Help Russian (Version: 2013.0328.2217.38225) CCC Help Spanish (Version: 2013.0328.2217.38225) CCC Help Swedish (Version: 2013.0328.2217.38225) CCC Help Thai (Version: 2013.0328.2217.38225) CCC Help Turkish (Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) Curse Client (Version: 4.0.1.260) D3DX10 (Version: 15.4.2368.0902) DAEMON Tools Lite (Version: 4.45.3.0297) dakota.ag (Version: 5.0.0.0) DivX-Setup (Version: 2.6.1.24) DragonCastle (Version: 1.0) Dropbox (Version: 2.0.22) ElsterFormular (Version: 14.3.20130522) FileZilla Client 3.6.0.2 (Version: 3.6.0.2) FLAC To MP3 V4.0.4 Free FLV Converter V 7.5.0 (Version: 7.5.0.0) Glary Utilities 2.55.0.1790 (Version: 2.55.0.1790) Guard.ICQ Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) HP LJ300-400 color MFP M375-M475 HP LJ300-400 color MFP M375-M475 Fax (Version: 24.0.0.0) HP LJ300-400 M375-M475 HP Scan (Version: 1.0.302.0) HP Product Detection (Version: 11.14.0001) HP Product FWUpdater (Version: 4.0.0.6579) HP Unified IO (Version: 1.0.1.94) HP Update (Version: 5.003.001.001) hpbDSService (Version: 001.001.05133) hpbM375M475DSService (Version: 001.001.05164) HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (Version: 1.01.0000) HPLJDXPHelper (Version: 020.021.004) HPLJUTCore (Version: 1.02.0014) HPLJUTM375-M475 (Version: 1.02.0013) hppFaxDrvM375M475 (Version: 003.000.00002) hppLaserJetService (Version: 009.022.00806) hppM375_M475LaserJetService (Version: 005.020.00094) hppSendFaxM375M475 (Version: 003.000.00002) hppToolboxProxyM375 (Version: 020.021.004) hpStatusAlerts (Version: 020.025.1119) hpStatusAlertsM375_M475 (Version: 020.023.01805) ICQ Sparberater (Version: 1.3.671) ICQ7.7 (Version: 7.7) ImagXpress (Version: 7.0.74.0) InstanceFinder (Version: 020.021.004) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130) JavaFX 2.1.1 (Version: 2.1.1) JDownloader 0.9 (Version: 0.9) Junk Mail filter update (Version: 15.4.3502.0922) Lexware Admintools Pro (Version: 11.50.00.0135) Lexware financial office pro 2011 (Version: 11.50.00.0235) Lexware financial office pro 2011 (Version: 11.63.00.0283) Lexware Info Service (Version: 2.70.00.0081) Lexware online banking (Version: 11.00.00.0039) Lexware professional Datenbank 2011 (Version: 11.50.00.0148) LJDXPHelperUI (Version: 020.021.004) Logitech Webcam Software (Version: 12.10.1113) Logitech Webcam Software-Treiberpaket (Version: 12.10.1110) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyPhoneExplorer (Version: 1.8.4) NCP Secure Entry Client (Version: 9.31 Build 104) Nero 7 Premium (Version: 7.01.4068) Nero ControlCenter (Version: 0.0.0.1) Nero Disc Copy Gadget Help (Version: 2.0.0.0) Nero DiscSpeed (Version: 4.99.5.105) Nero Live Help (Version: 1.0.162.0) neroxml (Version: 1.0.0) Nexon Game Manager OpenOffice.org 3.3 (Version: 3.3.9567) Oracle VM VirtualBox 4.2.6 (Version: 4.2.6) OutlookAddInNet3Setup (Version: 1.0.0) Pandora's Box 2 (Version: 2.0.0.5) PDF Settings CS5 (Version: 10.0) PDF24 Creator 5.4.0 PDFCreator (Version: 1.5.0) PokerStars.eu PS3 Media Server (Version: 1.82.0) QuickTime (Version: 7.74.80.86) Samsung Kies (Version: 2.5.1.12123_2) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skype� 6.5 (Version: 6.5.158) Steam (Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.6) TeamViewer 8 (Version: 8.0.16642) TERA (Version: 7) ToolboxProxy (Version: 020.023.005) tools-windows (Version: 8.8.2.703057) TVersity Codec Pack 1.7 (Version: 1.7) TVersity Media Server 1.9.7 (Version: 1.9.7) Ultima Online 2D Client (Version: 5.0.9) Unlocker 1.9.1-x64 (Version: 1.9.1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Vampire Editor VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Vistaprint Fotob點her Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.6 (Version: 2.0.6) VmciSockets (Version: 9.1.54.1) VMware Player (Version: 4.0.3.29699) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows XP Mode (Version: 1.3.7600.16422) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777) ========================= Memory info: =================================== Percentage of memory in use: 24% Total physical RAM: 8173.86 MB Available physical RAM: 6153.54 MB Total Pagefile: 16345.9 MB Available Pagefile: 14252.22 MB Total Virtual: 4095.88 MB Available Virtual: 3957.13 MB ========================= Partitions: ===================================== 1 Drive c: (C) (Fixed) (Total:449.66 GB) (Free:326.87 GB) NTFS 2 Drive d: (D) (Fixed) (Total:465.76 GB) (Free:152.29 GB) NTFS 5 Drive g: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT ========================= Users: ======================================== Benutzerkonten f乺 \\TERO Administrator ASPNET Gast K.Badekow Der Befehl wurde erfolgreich ausgef乭rt. ========================= Minidump Files ================================== No minidump file found **** End of log **** |
02.07.2013, 13:37 | #4 | |
/// the machine /// TB-Ausbilder | Keine InternetverbindungZitat:
Dateien, wie Crack.exe, Keygen.exe oder Patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zum Neu aufsetzten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.07.2013, 13:43 | #5 |
| Keine Internetverbindung Das hat mir mein Kollege so eingestellt, weil er meinte, dass ich so sein InDesign nutzen könnte, dass ich im endeffekt nur einmal brauchte, weil ich die datei dann in pdf konvertieren konnte und das mir ausreichte. Kann alles runter von mir aus |
02.07.2013, 13:48 | #6 |
/// the machine /// TB-Ausbilder | Keine Internetverbindung Dann bitte alles von Adobe, was drauf ist, deinstallieren, und frische Logs.
__________________ --> Keine Internetverbindung |
02.07.2013, 14:35 | #7 |
| Keine InternetverbindungCode:
ATTFilter SMiniToolBox by Farbar Version: 16-06-2013 Ran by K.Badekow (administrator) on 02-07-2013 at 15:23:53 Running from "C:\Users\K.Badekow\Desktop" Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows-IP-Konfiguration Der DNS-Aufl攕ungscache wurde geleert. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected) Atheros AR5B97 Wireless Network Adapter = Drahtlosnetzwerkverbindung (Connected) VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected) VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected) NCP Secure Client Virtual NDIS6 Adapter = LAN-Verbindung 2 (Hardware not present) Atheros AR8151 PCI-E Gigabit Ethernet Controller = LAN-Verbindung (Media disconnected) # ---------------------------------- # IPv4-Konfiguration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled set interface interface="LAN-Verbindung 2" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0 add address name="VMware Network Adapter VMnet1" address=192.168.137.1 mask=255.255.255.0 add address name="VMware Network Adapter VMnet8" address=192.168.219.1 mask=255.255.255.0 popd # Ende der IPv4-Konfiguration Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : Tero Prim剅es DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Broadcast IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein Tunneladapter LAN-Verbindung* 3: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Microsoft-Teredo-Tunneling-Adapter Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Server: UnKnown Address: 127.0.0.1 Ping-Anforderung konnte Host "google.com" nicht finden. 歜erpr乫en Sie den Namen, und versuchen Sie es erneut. Server: UnKnown Address: 127.0.0.1 Ping-Anforderung konnte Host "yahoo.com" nicht finden. 歜erpr乫en Sie den Namen, und versuchen Sie es erneut. Ping wird ausgef乭rt f乺 127.0.0.1 mit 32 Bytes Daten: Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128 Ping-Statistik f乺 127.0.0.1: Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms =========================================================================== Schnittstellenliste 1...........................Software Loopback Interface 1 11...00 00 00 00 00 00 00 e0 Microsoft-Teredo-Tunneling-Adapter =========================================================================== IPv4-Routentabelle =========================================================================== Aktive Routen: Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik 127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306 127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306 127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306 255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306 =========================================================================== St刵dige Routen: Keine IPv6-Routentabelle =========================================================================== Aktive Routen: If Metrik Netzwerkziel Gateway 1 306 ::1/128 Auf Verbindung 1 306 ff00::/8 Auf Verbindung =========================================================================== St刵dige Routen: Keine ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.) Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [63088] (VMware, Inc.) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.) x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [67184] (VMware, Inc.) ========================= Event log errors: =============================== Application errors: ================== Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/02/2013 00:59:42 PM) (Source: DCOM) (User: ) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (07/02/2013 00:43:07 PM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:02:53 AM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:00:43 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist f黵 "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/01/2013 10:52:22 AM) (Source: DCOM) (User: NT-AUTORIT腡) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORIT腡SYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/29/2013 10:50:05 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist f黵 "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/29/2013 10:05:44 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:03:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:23 PM) (Source: ipnathlp) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-02-20 19:22:40.185 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:40.162 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.487 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.466 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.657 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.635 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.729 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.708 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.706 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.686 Description: Windows konnte die Abbildintegrit鋞 der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht 黚erpr黤en, weil der Dateihash nicht im System gefunden wurde. M鰃licherweise wurde durch eine k黵zlich durchgef黨rte Hardware- oder Software鋘derung eine falsch signierte oder besch鋎igte Datei oder eine Datei, bei der es sich um sch鋎liche Software aus einer unbekannten Quelle handelt, installiert. =========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 8.2.1) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD APP SDK Runtime (Version: 10.0.851.4) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80328.2204) Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) AVG 2013 (Version: 13.0.3204) AVG 2013 (Version: 13.0.3345) AVG 2013 (Version: 2013.0.3345) AviSynth 2.5 Bandicam (Version: 1.8.6.321) Bandisoft MPEG-1 Decoder BlackBerry Desktop Software 7.1 (Version: 7.1.0.32) Browser-Plug-In f黵 BlackBerry App World (Version: 4.2.1.8) Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon LBP7010C/7018C Canon MP Navigator EX 4.0 CanoScan LiDE 110 Scanner Driver Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (Version: 2013.0328.2218.38225) CCC Help Chinese Standard (Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (Version: 2013.0328.2217.38225) CCC Help Czech (Version: 2013.0328.2217.38225) CCC Help Danish (Version: 2013.0328.2217.38225) CCC Help Dutch (Version: 2013.0328.2217.38225) CCC Help English (Version: 2013.0328.2217.38225) CCC Help Finnish (Version: 2013.0328.2217.38225) CCC Help French (Version: 2013.0328.2217.38225) CCC Help German (Version: 2013.0328.2217.38225) CCC Help Greek (Version: 2013.0328.2217.38225) CCC Help Hungarian (Version: 2013.0328.2217.38225) CCC Help Italian (Version: 2013.0328.2217.38225) CCC Help Japanese (Version: 2013.0328.2217.38225) CCC Help Korean (Version: 2013.0328.2217.38225) CCC Help Norwegian (Version: 2013.0328.2217.38225) CCC Help Polish (Version: 2013.0328.2217.38225) CCC Help Portuguese (Version: 2013.0328.2217.38225) CCC Help Russian (Version: 2013.0328.2217.38225) CCC Help Spanish (Version: 2013.0328.2217.38225) CCC Help Swedish (Version: 2013.0328.2217.38225) CCC Help Thai (Version: 2013.0328.2217.38225) CCC Help Turkish (Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) Curse Client (Version: 4.0.1.260) D3DX10 (Version: 15.4.2368.0902) DAEMON Tools Lite (Version: 4.45.3.0297) dakota.ag (Version: 5.0.0.0) DivX-Setup (Version: 2.6.1.24) DragonCastle (Version: 1.0) Dropbox (Version: 2.0.22) ElsterFormular (Version: 14.3.20130522) FileZilla Client 3.6.0.2 (Version: 3.6.0.2) FLAC To MP3 V4.0.4 Free FLV Converter V 7.5.0 (Version: 7.5.0.0) Glary Utilities 2.55.0.1790 (Version: 2.55.0.1790) Guard.ICQ Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) HP LJ300-400 color MFP M375-M475 HP LJ300-400 color MFP M375-M475 Fax (Version: 24.0.0.0) HP LJ300-400 M375-M475 HP Scan (Version: 1.0.302.0) HP Product Detection (Version: 11.14.0001) HP Product FWUpdater (Version: 4.0.0.6579) HP Unified IO (Version: 1.0.1.94) HP Update (Version: 5.003.001.001) hpbDSService (Version: 001.001.05133) hpbM375M475DSService (Version: 001.001.05164) HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (Version: 1.01.0000) HPLJDXPHelper (Version: 020.021.004) HPLJUTCore (Version: 1.02.0014) HPLJUTM375-M475 (Version: 1.02.0013) hppFaxDrvM375M475 (Version: 003.000.00002) hppLaserJetService (Version: 009.022.00806) hppM375_M475LaserJetService (Version: 005.020.00094) hppSendFaxM375M475 (Version: 003.000.00002) hppToolboxProxyM375 (Version: 020.021.004) hpStatusAlerts (Version: 020.025.1119) hpStatusAlertsM375_M475 (Version: 020.023.01805) ICQ Sparberater (Version: 1.3.671) ICQ7.7 (Version: 7.7) ImagXpress (Version: 7.0.74.0) InstanceFinder (Version: 020.021.004) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130) JavaFX 2.1.1 (Version: 2.1.1) JDownloader 0.9 (Version: 0.9) Junk Mail filter update (Version: 15.4.3502.0922) Lexware Admintools Pro (Version: 11.50.00.0135) Lexware financial office pro 2011 (Version: 11.50.00.0235) Lexware financial office pro 2011 (Version: 11.63.00.0283) Lexware Info Service (Version: 2.70.00.0081) Lexware online banking (Version: 11.00.00.0039) Lexware professional Datenbank 2011 (Version: 11.50.00.0148) LJDXPHelperUI (Version: 020.021.004) Logitech Webcam Software (Version: 12.10.1113) Logitech Webcam Software-Treiberpaket (Version: 12.10.1110) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyPhoneExplorer (Version: 1.8.4) NCP Secure Entry Client (Version: 9.31 Build 104) Nero 7 Premium (Version: 7.01.4068) Nero ControlCenter (Version: 0.0.0.1) Nero Disc Copy Gadget Help (Version: 2.0.0.0) Nero DiscSpeed (Version: 4.99.5.105) Nero Live Help (Version: 1.0.162.0) neroxml (Version: 1.0.0) Nexon Game Manager OpenOffice.org 3.3 (Version: 3.3.9567) Oracle VM VirtualBox 4.2.6 (Version: 4.2.6) OutlookAddInNet3Setup (Version: 1.0.0) Pandora's Box 2 (Version: 2.0.0.5) PDF24 Creator 5.4.0 PDFCreator (Version: 1.5.0) PokerStars.eu PS3 Media Server (Version: 1.82.0) QuickTime (Version: 7.74.80.86) Samsung Kies (Version: 2.5.1.12123_2) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skype� 6.5 (Version: 6.5.158) Steam (Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.6) TeamViewer 8 (Version: 8.0.16642) TERA (Version: 7) ToolboxProxy (Version: 020.023.005) tools-windows (Version: 8.8.2.703057) TVersity Codec Pack 1.7 (Version: 1.7) TVersity Media Server 1.9.7 (Version: 1.9.7) Ultima Online 2D Client (Version: 5.0.9) Unlocker 1.9.1-x64 (Version: 1.9.1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Vampire Editor VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Vistaprint Fotob點her Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.6 (Version: 2.0.6) VmciSockets (Version: 9.1.54.1) VMware Player (Version: 4.0.3.29699) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows XP Mode (Version: 1.3.7600.16422) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777) ========================= Memory info: =================================== Percentage of memory in use: 28% Total physical RAM: 8173.86 MB Available physical RAM: 5816.93 MB Total Pagefile: 16345.9 MB Available Pagefile: 13868.02 MB Total Virtual: 4095.88 MB Available Virtual: 3957.12 MB ========================= Partitions: ===================================== 1 Drive c: (C) (Fixed) (Total:449.66 GB) (Free:329.86 GB) NTFS 2 Drive d: (D) (Fixed) (Total:465.76 GB) (Free:156.44 GB) NTFS ========================= Users: ======================================== Benutzerkonten f乺 \\TERO Administrator ASPNET Gast K.Badekow Der Befehl wurde erfolgreich ausgef乭rt. ========================= Minidump Files ================================== No minidump file found **** End of log **** can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03 (ATTENTION: FRST version is 21 days old) Ran by K.Badekow (administrator) on 02-07-2013 15:27:55 Running from C:\Users\K.Badekow\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe () C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [170496 2013-04-13] (Sun Microsystems, Inc.) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd) HKCU\...\Policies\system: [disableregistrytools] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [1001472 2013-01-07] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9-x64 11 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default FF SelectedSearchEngine: Search the web (Babylon) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f�r BlackBerry App World\npappworld.dll () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Adobe InDesign\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-16] () S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2008-07-02] (iAnywhere Solutions, Inc.) R2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] () R2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH) S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-17] (DT Soft Ltd) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.) S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 15:04 - 2013-06-11 20:06 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:23 - 2013-07-02 15:25 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 13:22 - 2013-07-02 15:26 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-06-29 22:04 - 2013-06-29 22:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:56 - 2013-06-29 20:57 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-27 21:03 - 2013-06-27 21:05 - 00000000 ____D C:\tmp 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:22 - 2013-06-26 08:25 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:51 - 2013-06-24 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 10:35 - 2013-06-20 10:36 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-15 22:23 - 2013-06-15 22:24 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 15:06 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 15:06 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 15:06 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 15:06 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 15:06 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:01 - 2013-06-14 22:02 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:34 - 2013-06-12 08:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:53 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 22:53 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 22:53 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 22:53 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-11 19:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 19:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 19:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 19:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 19:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 19:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 19:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 19:31 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 19:31 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-05 06:24 - 2012-10-17 16:37 - 00397312 ____A (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-05 06:24 - 2011-09-28 09:18 - 00364544 ____A C:\Windows\SysWOW64\PropertyGrid.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00208500 ____A C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-06-05 06:24 - 2011-09-28 09:18 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00084512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00024576 ____A C:\Windows\SysWOW64\ControlSubX.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:10 - 2013-06-02 21:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== One Month Modified Files and Folders ======= 2013-07-02 15:26 - 2013-07-02 13:22 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 15:25 - 2013-07-02 13:23 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 15:22 - 2012-02-16 21:36 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-02 15:17 - 2012-08-04 09:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 15:14 - 2012-02-16 10:29 - 01971644 ____A C:\Windows\WindowsUpdate.log 2013-07-02 14:09 - 2012-02-16 20:30 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Adobe 2013-07-02 14:08 - 2012-05-15 20:49 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-02 14:08 - 2012-02-16 21:36 - 00000000 ____D C:\ProgramData\Adobe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 13:20 - 2013-02-01 12:09 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Dropbox 2013-07-02 13:06 - 2012-02-19 13:20 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\Adobe 2013-07-02 13:05 - 2011-04-12 09:43 - 00713452 ____A C:\Windows\System32\perfh007.dat 2013-07-02 13:05 - 2011-04-12 09:43 - 00156276 ____A C:\Windows\System32\perfc007.dat 2013-07-02 13:05 - 2009-07-14 07:13 - 01659940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-02 13:04 - 2013-04-18 18:37 - 00000000 ____D C:\Users\K.Badekow\Documents\Handelsgesellschaft Badekow 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:47 - 2012-02-16 21:41 - 00000000 ____D C:\ProgramData\MFAData 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-02 12:42 - 2013-05-02 23:57 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-07-02 12:42 - 2013-01-19 15:23 - 00000431 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-07-02 12:42 - 2012-05-17 12:45 - 00000000 ____D C:\ProgramData\VMware 2013-07-02 12:41 - 2012-01-10 21:14 - 00094668 ____A C:\Windows\setupact.log 2013-07-02 12:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-07-01 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-29 22:05 - 2013-06-29 22:04 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:19 - 2012-05-18 22:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:57 - 2013-06-29 20:56 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 20:56 - 2012-10-02 09:22 - 593580212 ____A C:\Windows\MEMORY.DMP 2013-06-29 20:56 - 2012-10-02 09:22 - 00000000 ____D C:\Windows\Minidump 2013-06-29 20:53 - 2012-05-17 13:17 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VMware 2013-06-29 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-29 20:47 - 2012-05-17 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\VMware 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-28 01:48 - 2012-03-11 15:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Skype 2013-06-27 22:31 - 2013-01-30 19:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-27 22:31 - 2012-03-11 15:27 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 21:59 - 2012-02-17 03:00 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\vlc 2013-06-27 21:05 - 2013-06-27 21:03 - 00000000 ____D C:\tmp 2013-06-27 21:03 - 2012-02-16 10:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VirtualStore 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 19:12 - 2013-04-27 12:49 - 00001992 ___AH C:\Users\K.Badekow\Documents\Default.rdp 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-27 10:30 - 2013-05-31 20:43 - 00010304 ____A C:\Users\K.Badekow\Desktop\mtl.ods 2013-06-26 14:11 - 2012-12-02 15:54 - 00068376 ____A C:\Users\K.Badekow\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-26 14:09 - 2013-02-09 22:44 - 00000000 ____D C:\Users\K.Badekow\Documents\Rudeloff 2013-06-26 14:05 - 2009-07-14 06:45 - 04930256 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 11:59 - 2013-01-30 19:20 - 00000000 ____D C:\Users\K.Badekow\Documents\Betriebswirt 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:37 - 2012-02-16 10:36 - 00000000 ____D C:\users\K.Badekow 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:25 - 2013-06-26 08:22 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:52 - 2013-06-24 12:51 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-24 11:39 - 2012-02-16 21:43 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-06-24 11:39 - 2012-02-16 20:50 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 19:11 - 2013-04-19 22:50 - 00022318 ____A C:\Users\K.Badekow\Documents\Zeugnis Badekow2.odt 2013-06-20 10:36 - 2013-06-20 10:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-17 13:50 - 2010-11-21 05:47 - 00132972 ____A C:\Windows\PFRO.log 2013-06-15 22:24 - 2013-06-15 22:23 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 22:24 - 2012-02-16 20:28 - 00000000 ____D C:\Users\K.Badekow\.dvdcss 2013-06-15 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:02 - 2013-06-14 22:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:35 - 2013-06-12 08:34 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:54 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 22:00 - 2012-12-13 21:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\PokerStars.EU 2013-06-11 21:17 - 2012-04-05 22:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 21:17 - 2012-02-16 20:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 20:06 - 2013-07-02 15:04 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-08 16:08 - 2013-06-15 15:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 15:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 15:06 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-04 17:41 - 2013-04-09 20:59 - 00000000 ____D C:\ProgramData\Lexware 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:11 - 2013-06-02 21:10 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 20:36 ==================== End Of Log ============================ Code:
ATTFilter Farbar Service Scanner Version: 27-06-2013 Ran by K.Badekow (administrator) on 02-07-2013 at 15:25:57 Running from "C:\Users\K.Badekow\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error. Attempt to access Google.com returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03 (ATTENTION: FRST version is 21 days old) Ran by K.Badekow (administrator) on 02-07-2013 15:27:55 Running from C:\Users\K.Badekow\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe () C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [170496 2013-04-13] (Sun Microsystems, Inc.) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd) HKCU\...\Policies\system: [disableregistrytools] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [1001472 2013-01-07] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9-x64 11 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default FF SelectedSearchEngine: Search the web (Babylon) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f�r BlackBerry App World\npappworld.dll () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Adobe InDesign\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-16] () S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2008-07-02] (iAnywhere Solutions, Inc.) R2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] () R2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH) S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-17] (DT Soft Ltd) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.) S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 15:04 - 2013-06-11 20:06 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:23 - 2013-07-02 15:25 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 13:22 - 2013-07-02 15:26 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-06-29 22:04 - 2013-06-29 22:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:56 - 2013-06-29 20:57 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-27 21:03 - 2013-06-27 21:05 - 00000000 ____D C:\tmp 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:22 - 2013-06-26 08:25 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:51 - 2013-06-24 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 10:35 - 2013-06-20 10:36 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-15 22:23 - 2013-06-15 22:24 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 15:06 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 15:06 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 15:06 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 15:06 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 15:06 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:01 - 2013-06-14 22:02 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:34 - 2013-06-12 08:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:53 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 22:53 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 22:53 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 22:53 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-11 19:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 19:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 19:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 19:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 19:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 19:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 19:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 19:31 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 19:31 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-05 06:24 - 2012-10-17 16:37 - 00397312 ____A (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-05 06:24 - 2011-09-28 09:18 - 00364544 ____A C:\Windows\SysWOW64\PropertyGrid.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00208500 ____A C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-06-05 06:24 - 2011-09-28 09:18 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00084512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00024576 ____A C:\Windows\SysWOW64\ControlSubX.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:10 - 2013-06-02 21:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== One Month Modified Files and Folders ======= 2013-07-02 15:26 - 2013-07-02 13:22 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 15:25 - 2013-07-02 13:23 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 15:22 - 2012-02-16 21:36 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-02 15:17 - 2012-08-04 09:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 15:14 - 2012-02-16 10:29 - 01971644 ____A C:\Windows\WindowsUpdate.log 2013-07-02 14:09 - 2012-02-16 20:30 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Adobe 2013-07-02 14:08 - 2012-05-15 20:49 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-02 14:08 - 2012-02-16 21:36 - 00000000 ____D C:\ProgramData\Adobe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 13:20 - 2013-02-01 12:09 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Dropbox 2013-07-02 13:06 - 2012-02-19 13:20 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\Adobe 2013-07-02 13:05 - 2011-04-12 09:43 - 00713452 ____A C:\Windows\System32\perfh007.dat 2013-07-02 13:05 - 2011-04-12 09:43 - 00156276 ____A C:\Windows\System32\perfc007.dat 2013-07-02 13:05 - 2009-07-14 07:13 - 01659940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-02 13:04 - 2013-04-18 18:37 - 00000000 ____D C:\Users\K.Badekow\Documents\Handelsgesellschaft Badekow 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:47 - 2012-02-16 21:41 - 00000000 ____D C:\ProgramData\MFAData 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-02 12:42 - 2013-05-02 23:57 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-07-02 12:42 - 2013-01-19 15:23 - 00000431 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-07-02 12:42 - 2012-05-17 12:45 - 00000000 ____D C:\ProgramData\VMware 2013-07-02 12:41 - 2012-01-10 21:14 - 00094668 ____A C:\Windows\setupact.log 2013-07-02 12:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-07-01 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-29 22:05 - 2013-06-29 22:04 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:19 - 2012-05-18 22:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:57 - 2013-06-29 20:56 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 20:56 - 2012-10-02 09:22 - 593580212 ____A C:\Windows\MEMORY.DMP 2013-06-29 20:56 - 2012-10-02 09:22 - 00000000 ____D C:\Windows\Minidump 2013-06-29 20:53 - 2012-05-17 13:17 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VMware 2013-06-29 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-29 20:47 - 2012-05-17 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\VMware 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-28 01:48 - 2012-03-11 15:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Skype 2013-06-27 22:31 - 2013-01-30 19:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-27 22:31 - 2012-03-11 15:27 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 21:59 - 2012-02-17 03:00 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\vlc 2013-06-27 21:05 - 2013-06-27 21:03 - 00000000 ____D C:\tmp 2013-06-27 21:03 - 2012-02-16 10:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VirtualStore 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 19:12 - 2013-04-27 12:49 - 00001992 ___AH C:\Users\K.Badekow\Documents\Default.rdp 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-27 10:30 - 2013-05-31 20:43 - 00010304 ____A C:\Users\K.Badekow\Desktop\mtl.ods 2013-06-26 14:11 - 2012-12-02 15:54 - 00068376 ____A C:\Users\K.Badekow\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-26 14:09 - 2013-02-09 22:44 - 00000000 ____D C:\Users\K.Badekow\Documents\Rudeloff 2013-06-26 14:05 - 2009-07-14 06:45 - 04930256 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 11:59 - 2013-01-30 19:20 - 00000000 ____D C:\Users\K.Badekow\Documents\Betriebswirt 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:37 - 2012-02-16 10:36 - 00000000 ____D C:\users\K.Badekow 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:25 - 2013-06-26 08:22 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:52 - 2013-06-24 12:51 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-24 11:39 - 2012-02-16 21:43 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-06-24 11:39 - 2012-02-16 20:50 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 19:11 - 2013-04-19 22:50 - 00022318 ____A C:\Users\K.Badekow\Documents\Zeugnis Badekow2.odt 2013-06-20 10:36 - 2013-06-20 10:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-17 13:50 - 2010-11-21 05:47 - 00132972 ____A C:\Windows\PFRO.log 2013-06-15 22:24 - 2013-06-15 22:23 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 22:24 - 2012-02-16 20:28 - 00000000 ____D C:\Users\K.Badekow\.dvdcss 2013-06-15 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:02 - 2013-06-14 22:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:35 - 2013-06-12 08:34 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:54 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 22:00 - 2012-12-13 21:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\PokerStars.EU 2013-06-11 21:17 - 2012-04-05 22:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 21:17 - 2012-02-16 20:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 20:06 - 2013-07-02 15:04 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-08 16:08 - 2013-06-15 15:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 15:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 15:06 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-04 17:41 - 2013-04-09 20:59 - 00000000 ____D C:\ProgramData\Lexware 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:11 - 2013-06-02 21:10 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 20:36 ==================== End Of Log ============================ --- --- --- |
02.07.2013, 14:45 | #8 |
| Keine InternetverbindungFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 03 (ATTENTION: FRST version is 21 days old) Ran by K.Badekow (administrator) on 02-07-2013 15:27:55 Running from C:\Users\K.Badekow\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe (NCP Engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe () C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNACBSWK.EXE (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [170496 2013-04-13] (Sun Microsystems, Inc.) HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3481408 2012-02-13] (DT Soft Ltd) HKCU\...\Policies\system: [disableregistrytools] 0 HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [NcpBudgetGui] "C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe" -start [1001472 2013-01-07] (NCP engineering GmbH) HKLM-x32\...\Run: [NcpPopup] "C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe" noerrmsg [1011280 2012-03-20] (NCP engineering GmbH) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NcpRsuGui] "C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe" -gui [883792 2011-08-22] (NCP engineering GmbH) HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=101012_24_4112_6&babsrc=SP_ss&mntrId=926aa9df00000000000074de2bad3d8f BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog9 11 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63088] (VMware, Inc.) Winsock: Catalog9-x64 11 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67184] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default FF SelectedSearchEngine: Search the web (Babylon) FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In f�r BlackBerry App World\npappworld.dll () FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Adobe InDesign\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.) R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-16] () S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] () R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2008-07-02] (iAnywhere Solutions, Inc.) R2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH) R2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH) R2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] () R2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH) S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] () ==================== Drivers (Whitelisted) ==================== R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-17] (DT Soft Ltd) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.) S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 15:04 - 2013-06-11 20:06 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:23 - 2013-07-02 15:25 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 13:22 - 2013-07-02 15:26 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-06-29 22:04 - 2013-06-29 22:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:56 - 2013-06-29 20:57 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-27 21:03 - 2013-06-27 21:05 - 00000000 ____D C:\tmp 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:22 - 2013-06-26 08:25 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:51 - 2013-06-24 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 10:35 - 2013-06-20 10:36 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-15 22:23 - 2013-06-15 22:24 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 15:06 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 15:06 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 15:06 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 15:06 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 15:06 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 15:06 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 15:06 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:01 - 2013-06-14 22:02 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:34 - 2013-06-12 08:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:53 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 22:53 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 22:53 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 22:53 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 22:53 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 22:53 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-11 19:32 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-11 19:32 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 19:32 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 19:32 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 19:32 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 19:32 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 19:32 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 19:31 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 19:31 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 19:31 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 19:31 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 19:31 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-05 06:24 - 2012-10-17 16:37 - 00397312 ____A (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-05 06:24 - 2011-09-28 09:18 - 00364544 ____A C:\Windows\SysWOW64\PropertyGrid.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00208500 ____A C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-06-05 06:24 - 2011-09-28 09:18 - 00152848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00141312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00119568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00084512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-06-05 06:24 - 2011-09-28 09:18 - 00032768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-06-05 06:24 - 2011-09-28 09:18 - 00024576 ____A C:\Windows\SysWOW64\ControlSubX.ocx 2013-06-05 06:24 - 2011-09-28 09:18 - 00009728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:10 - 2013-06-02 21:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== One Month Modified Files and Folders ======= 2013-07-02 15:26 - 2013-07-02 13:22 - 00002589 ____A C:\Users\K.Badekow\Desktop\FSS.txt 2013-07-02 15:25 - 2013-07-02 13:23 - 00030269 ____A C:\Users\K.Badekow\Desktop\Result.txt 2013-07-02 15:22 - 2012-02-16 21:36 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-07-02 15:17 - 2012-08-04 09:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 15:14 - 2012-02-16 10:29 - 01971644 ____A C:\Windows\WindowsUpdate.log 2013-07-02 14:09 - 2012-02-16 20:30 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Adobe 2013-07-02 14:08 - 2012-05-15 20:49 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-07-02 14:08 - 2012-02-16 21:36 - 00000000 ____D C:\ProgramData\Adobe 2013-07-02 13:37 - 2013-07-02 13:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{94ABE251-66B6-4307-80C6-0878C0056413} 2013-07-02 13:20 - 2013-07-02 13:20 - 00760775 ____A (Farbar) C:\Users\K.Badekow\Desktop\MiniToolBox.exe 2013-07-02 13:20 - 2013-07-02 13:20 - 00356397 ____A (Farbar) C:\Users\K.Badekow\Desktop\FSS.exe 2013-07-02 13:20 - 2013-02-01 12:09 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Dropbox 2013-07-02 13:06 - 2012-02-19 13:20 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\Adobe 2013-07-02 13:05 - 2011-04-12 09:43 - 00713452 ____A C:\Windows\System32\perfh007.dat 2013-07-02 13:05 - 2011-04-12 09:43 - 00156276 ____A C:\Windows\System32\perfc007.dat 2013-07-02 13:05 - 2009-07-14 07:13 - 01659940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-02 13:04 - 2013-04-18 18:37 - 00000000 ____D C:\Users\K.Badekow\Documents\Handelsgesellschaft Badekow 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:49 - 2009-07-14 06:45 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 12:47 - 2012-02-16 21:41 - 00000000 ____D C:\ProgramData\MFAData 2013-07-02 12:43 - 2013-07-02 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{E6CEFBA5-0C25-4095-B20F-13B3072B6995} 2013-07-02 12:42 - 2013-05-02 23:57 - 00000334 ____A C:\Windows\Tasks\GlaryInitialize.job 2013-07-02 12:42 - 2013-01-19 15:23 - 00000431 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-07-02 12:42 - 2012-05-17 12:45 - 00000000 ____D C:\ProgramData\VMware 2013-07-02 12:41 - 2012-01-10 21:14 - 00094668 ____A C:\Windows\setupact.log 2013-07-02 12:41 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:19 - 2013-07-01 11:19 - 00000000 ____D C:\Qoobox 2013-07-01 11:05 - 2013-07-01 11:05 - 00000000 ____D C:\FRST 2013-07-01 11:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-29 22:05 - 2013-06-29 22:04 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4105C62B-65D6-414B-B50A-B543148C4F2E} 2013-06-29 21:19 - 2012-05-18 22:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-06-29 21:08 - 2013-06-29 21:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{754EBE3D-CD32-4C44-A42D-18006450009A} 2013-06-29 20:57 - 2013-06-29 20:56 - 00276088 ____A C:\Windows\Minidump\062913-37393-01.dmp 2013-06-29 20:56 - 2012-10-02 09:22 - 593580212 ____A C:\Windows\MEMORY.DMP 2013-06-29 20:56 - 2012-10-02 09:22 - 00000000 ____D C:\Windows\Minidump 2013-06-29 20:53 - 2012-05-17 13:17 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VMware 2013-06-29 20:50 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-29 20:47 - 2012-05-17 12:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\VMware 2013-06-29 09:08 - 2013-06-29 09:08 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{F520A111-6D29-4EFD-863A-69C3ADEC4DDA} 2013-06-28 11:14 - 2013-06-28 11:14 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{9F928144-95BF-4577-8C67-EFF672D1F808} 2013-06-28 01:48 - 2012-03-11 15:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\Skype 2013-06-27 22:31 - 2013-01-30 19:56 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-27 22:31 - 2012-03-11 15:27 - 00000000 ____D C:\ProgramData\Skype 2013-06-27 21:59 - 2012-02-17 03:00 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\vlc 2013-06-27 21:05 - 2013-06-27 21:03 - 00000000 ____D C:\tmp 2013-06-27 21:03 - 2012-02-16 10:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\VirtualStore 2013-06-27 20:59 - 2013-06-27 20:59 - 00000561 ____A C:\Users\Public\Desktop\FLAC To MP3.lnk 2013-06-27 19:12 - 2013-04-27 12:49 - 00001992 ___AH C:\Users\K.Badekow\Documents\Default.rdp 2013-06-27 17:27 - 2013-06-27 17:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{56D12B53-1636-45D7-B134-6BB274AD6F76} 2013-06-27 10:30 - 2013-05-31 20:43 - 00010304 ____A C:\Users\K.Badekow\Desktop\mtl.ods 2013-06-26 14:11 - 2012-12-02 15:54 - 00068376 ____A C:\Users\K.Badekow\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-26 14:09 - 2013-02-09 22:44 - 00000000 ____D C:\Users\K.Badekow\Documents\Rudeloff 2013-06-26 14:05 - 2009-07-14 06:45 - 04930256 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-26 12:06 - 2013-06-26 12:06 - 00001550 ____A C:\Users\Public\Desktop\Adobe Application Manager.lnk 2013-06-26 11:59 - 2013-01-30 19:20 - 00000000 ____D C:\Users\K.Badekow\Documents\Betriebswirt 2013-06-26 09:58 - 2013-06-26 09:58 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 09:37 - 2013-06-26 09:37 - 00000000 ____D C:\Users\K.Badekow\.android 2013-06-26 09:37 - 2012-02-16 10:36 - 00000000 ____D C:\users\K.Badekow 2013-06-26 09:35 - 2013-06-26 09:35 - 00007334 ____A C:\Users\K.Badekow\Desktop\OpenDocument Text (neu).odt 2013-06-26 08:25 - 2013-06-26 08:22 - 00000000 ____D C:\Users\K.Badekow\Documents\Songtexte 2013-06-26 08:22 - 2013-06-26 08:22 - 00003498 ____A C:\Users\K.Badekow\Desktop\Projektarbeit.lnk 2013-06-26 08:11 - 2013-06-26 08:11 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{128BC551-4EE5-4B69-955E-030FE2EE38CC} 2013-06-25 18:47 - 2013-06-25 18:47 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{4717120F-BF25-477D-9049-681B5FA7F326} 2013-06-24 13:12 - 2013-06-24 13:12 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\TERA 2013-06-24 12:52 - 2013-06-24 12:51 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{65E7A4AF-91BF-491E-A875-EA44802BA86C} 2013-06-24 11:39 - 2013-06-24 11:39 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-24 11:39 - 2013-06-24 11:39 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-24 11:39 - 2012-02-16 21:43 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-06-24 11:39 - 2012-02-16 20:50 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-22 12:43 - 2013-06-22 12:43 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2ECB220E-1744-472E-B0E9-F3D2B33C6B29} 2013-06-21 13:28 - 2013-06-21 13:28 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2A6B4077-791F-44FE-B554-464D24DE1A50} 2013-06-20 19:11 - 2013-04-19 22:50 - 00022318 ____A C:\Users\K.Badekow\Documents\Zeugnis Badekow2.odt 2013-06-20 10:36 - 2013-06-20 10:35 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7B35B0F4-B460-4D27-ADBF-2B7607A477A0} 2013-06-19 18:49 - 2013-06-19 18:49 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D2CF201F-47E1-46D0-9AB7-307303E5B4DB} 2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{A6CBDF6B-B792-4F31-BC5F-491FF9699B57} 2013-06-17 15:26 - 2013-06-17 15:26 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{2535FBC9-68F1-4230-A1D3-30148137CA25} 2013-06-17 13:50 - 2010-11-21 05:47 - 00132972 ____A C:\Windows\PFRO.log 2013-06-15 22:24 - 2013-06-15 22:23 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server 2013-06-15 22:24 - 2012-02-16 20:28 - 00000000 ____D C:\Users\K.Badekow\.dvdcss 2013-06-15 11:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 11:05 - 2013-06-15 11:05 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{CF1E691A-FB33-45B6-BCDD-8433F62DA873} 2013-06-14 22:02 - 2013-06-14 22:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{D6510E01-74D2-42BA-BB76-A5C8D525B3F2} 2013-06-14 08:06 - 2013-06-14 08:06 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{8469943F-2959-42B5-93AF-45716B3B09B9} 2013-06-12 08:35 - 2013-06-12 08:34 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7882D4C6-F219-4280-90FF-AAE445BD7B45} 2013-06-11 22:54 - 2012-01-10 20:35 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 22:00 - 2012-12-13 21:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\PokerStars.EU 2013-06-11 21:17 - 2012-04-05 22:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-11 21:17 - 2012-02-16 20:30 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 20:06 - 2013-07-02 15:04 - 01920158 ____A (Farbar) C:\Users\K.Badekow\Desktop\FRST64.exe 2013-06-11 19:52 - 2013-06-11 19:52 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{FA625A9A-EB29-492B-8508-32FEE2B4D531} 2013-06-09 21:01 - 2013-06-09 21:01 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{3C1934F7-C6DF-49B3-BDAD-6A151B7341FA} 2013-06-08 16:08 - 2013-06-15 15:06 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 15:06 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 15:06 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 15:06 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 15:06 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 17:33 - 2013-06-07 17:33 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{BC0028D6-5C2A-45A7-82B2-A8D929F7FFE9} 2013-06-06 21:37 - 2013-06-06 21:37 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{448FE722-BA76-40B6-A6B9-044096689F8D} 2013-06-06 08:53 - 2013-06-06 08:53 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{EA4EC261-94DA-4147-9A9F-814BD04620DE} 2013-06-05 06:24 - 2013-06-05 06:24 - 00001149 ____A C:\Users\K.Badekow\Desktop\Free FLV Converter.lnk 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 06:24 - 2013-06-05 06:24 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-06-04 17:41 - 2013-04-09 20:59 - 00000000 ____D C:\ProgramData\Lexware 2013-06-04 17:13 - 2013-06-04 17:13 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{1A583EA5-E510-437D-AF08-DBAF5868DF17} 2013-06-03 18:45 - 2013-06-03 18:45 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{33FE1A42-0519-4B1F-997C-500E38842510} 2013-06-02 21:11 - 2013-06-02 21:10 - 00000000 ____D C:\Users\K.Badekow\AppData\Local\{7F07F3D4-79CC-439B-BEDE-E8941DA407A3} ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 20:36 ==================== End Of Log ============================ |
02.07.2013, 16:37 | #9 |
/// the machine /// TB-Ausbilder | Keine Internetverbindung Additional.txt fehlt noch Windows-Taste +R, schreibe ipconfig /flushdns ipconfig /release ipconfig /renew nach jeder Zeile Enter. Reboot. Lan checken.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.07.2013, 16:44 | #10 |
| Keine InternetverbindungCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2013 03 Ran by K.Badekow at 2013-07-02 17:39:40 Run: Running from C:\Users\K.Badekow\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 8.2.1) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD APP SDK Runtime (Version: 10.0.851.4) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80328.2204) Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) AVG 2013 (Version: 13.0.3204) AVG 2013 (Version: 13.0.3345) AVG 2013 (Version: 2013.0.3345) AviSynth 2.5 Bandicam (Version: 1.8.6.321) Bandisoft MPEG-1 Decoder BlackBerry Desktop Software 7.1 (Version: 7.1.0.32) Browser-Plug-In für BlackBerry App World (Version: 4.2.1.8) Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon LBP7010C/7018C Canon MP Navigator EX 4.0 CanoScan LiDE 110 Scanner Driver Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (Version: 2013.0328.2218.38225) CCC Help Chinese Standard (Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (Version: 2013.0328.2217.38225) CCC Help Czech (Version: 2013.0328.2217.38225) CCC Help Danish (Version: 2013.0328.2217.38225) CCC Help Dutch (Version: 2013.0328.2217.38225) CCC Help English (Version: 2013.0328.2217.38225) CCC Help Finnish (Version: 2013.0328.2217.38225) CCC Help French (Version: 2013.0328.2217.38225) CCC Help German (Version: 2013.0328.2217.38225) CCC Help Greek (Version: 2013.0328.2217.38225) CCC Help Hungarian (Version: 2013.0328.2217.38225) CCC Help Italian (Version: 2013.0328.2217.38225) CCC Help Japanese (Version: 2013.0328.2217.38225) CCC Help Korean (Version: 2013.0328.2217.38225) CCC Help Norwegian (Version: 2013.0328.2217.38225) CCC Help Polish (Version: 2013.0328.2217.38225) CCC Help Portuguese (Version: 2013.0328.2217.38225) CCC Help Russian (Version: 2013.0328.2217.38225) CCC Help Spanish (Version: 2013.0328.2217.38225) CCC Help Swedish (Version: 2013.0328.2217.38225) CCC Help Thai (Version: 2013.0328.2217.38225) CCC Help Turkish (Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) Curse Client (Version: 4.0.1.260) D3DX10 (Version: 15.4.2368.0902) DAEMON Tools Lite (Version: 4.45.3.0297) dakota.ag (Version: 5.0.0.0) DivX-Setup (Version: 2.6.1.24) DragonCastle (Version: 1.0) Dropbox (Version: 2.0.22) ElsterFormular (Version: 14.3.20130522) FileZilla Client 3.6.0.2 (Version: 3.6.0.2) FLAC To MP3 V4.0.4 Free FLV Converter V 7.5.0 (Version: 7.5.0.0) Glary Utilities 2.55.0.1790 (Version: 2.55.0.1790) Guard.ICQ Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) HP LJ300-400 color MFP M375-M475 HP LJ300-400 color MFP M375-M475 Fax (Version: 24.0.0.0) HP LJ300-400 M375-M475 HP Scan (Version: 1.0.302.0) HP Product Detection (Version: 11.14.0001) HP Product FWUpdater (Version: 4.0.0.6579) HP Unified IO (Version: 1.0.1.94) HP Update (Version: 5.003.001.001) hpbDSService (Version: 001.001.05133) hpbM375M475DSService (Version: 001.001.05164) HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (Version: 1.01.0000) HPLJDXPHelper (Version: 020.021.004) HPLJUTCore (Version: 1.02.0014) HPLJUTM375-M475 (Version: 1.02.0013) hppFaxDrvM375M475 (Version: 003.000.00002) hppLaserJetService (Version: 009.022.00806) hppM375_M475LaserJetService (Version: 005.020.00094) hppSendFaxM375M475 (Version: 003.000.00002) hppToolboxProxyM375 (Version: 020.021.004) hpStatusAlerts (Version: 020.025.1119) hpStatusAlertsM375_M475 (Version: 020.023.01805) ICQ Sparberater (Version: 1.3.671) ICQ7.7 (Version: 7.7) ImagXpress (Version: 7.0.74.0) InstanceFinder (Version: 020.021.004) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130) JavaFX 2.1.1 (Version: 2.1.1) JDownloader 0.9 (Version: 0.9) Junk Mail filter update (Version: 15.4.3502.0922) Lexware Admintools Pro (Version: 11.50.00.0135) Lexware financial office pro 2011 (Version: 11.50.00.0235) Lexware financial office pro 2011 (Version: 11.63.00.0283) Lexware Info Service (Version: 2.70.00.0081) Lexware online banking (Version: 11.00.00.0039) Lexware professional Datenbank 2011 (Version: 11.50.00.0148) LJDXPHelperUI (Version: 020.021.004) Logitech Webcam Software (Version: 12.10.1113) Logitech Webcam Software-Treiberpaket (Version: 12.10.1110) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MyPhoneExplorer (Version: 1.8.4) NCP Secure Entry Client (Version: 9.31 Build 104) Nero 7 Premium (Version: 7.01.4068) Nero ControlCenter (Version: 0.0.0.1) Nero Disc Copy Gadget Help (Version: 2.0.0.0) Nero DiscSpeed (Version: 4.99.5.105) Nero Live Help (Version: 1.0.162.0) neroxml (Version: 1.0.0) Nexon Game Manager OpenOffice.org 3.3 (Version: 3.3.9567) Oracle VM VirtualBox 4.2.6 (Version: 4.2.6) OutlookAddInNet3Setup (Version: 1.0.0) Pandora's Box 2 (Version: 2.0.0.5) PDF24 Creator 5.4.0 PDFCreator (Version: 1.5.0) PokerStars.eu PS3 Media Server (Version: 1.82.0) QuickTime (Version: 7.74.80.86) Samsung Kies (Version: 2.5.1.12123_2) SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0) Servicepack Datumsaktualisierung (Version: 1.00.00.0005) Skype™ 6.5 (Version: 6.5.158) Steam (Version: 1.0.0.0) TeamSpeak 3 Client (Version: 3.0.6) TeamViewer 8 (Version: 8.0.16642) TERA (Version: 7) ToolboxProxy (Version: 020.023.005) tools-windows (Version: 8.8.2.703057) TVersity Codec Pack 1.7 (Version: 1.7) TVersity Media Server 1.9.7 (Version: 1.9.7) Ultima Online 2D Client (Version: 5.0.9) Unlocker 1.9.1-x64 (Version: 1.9.1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Vampire Editor VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Vistaprint Fotobücher Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) VLC media player 2.0.6 (Version: 2.0.6) VmciSockets (Version: 9.1.54.1) VMware Player (Version: 4.0.3.29699) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows XP Mode (Version: 1.3.7600.16422) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777) ==================== Restore Points ========================= 11-06-2013 20:52:30 Windows Update 15-06-2013 13:06:20 Windows Update 23-06-2013 18:43:19 Geplanter Prüfpunkt 24-06-2013 09:38:18 Installed Java 7 Update 25 26-06-2013 10:22:44 Windows Update 02-07-2013 12:56:35 Removed Adobe Media Player 02-07-2013 12:57:03 Removed Adobe® Content Viewer 02-07-2013 13:22:30 Removed Adobe Help Manager ==================== Hosts content: ========================== # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # # # 127.0.0.1 localhost ==================== Faulty Device Manager Devices ============= Name: NCP Secure Client Virtual NDIS6 Adapter Description: NCP Secure Client Virtual NDIS6 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Ncp Service: ncplelhp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/02/2013 00:59:42 PM) (Source: DCOM) (User: ) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (07/02/2013 00:43:07 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:02:53 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/01/2013 11:00:43 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/01/2013 10:52:22 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/29/2013 10:50:05 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/29/2013 10:05:44 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:03:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:30 PM) (Source: ipnathlp) (User: ) Description: Error: (06/29/2013 10:01:23 PM) (Source: ipnathlp) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (07/02/2013 00:43:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 11:03:12 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:52:37 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:58:09 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:08:27 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (06/29/2013 07:36:57 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/29/2013 08:42:32 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 08:53:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/28/2013 10:42:49 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/27/2013 05:26:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-02-20 19:22:40.185 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:40.162 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.487 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:37.466 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.657 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:34.635 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.729 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:31.708 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.706 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-20 19:22:28.686 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8173.86 MB Available physical RAM: 5955.08 MB Total Pagefile: 16345.9 MB Available Pagefile: 14148.04 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (C) (Fixed) (Total:449.66 GB) (Free:329.86 GB) NTFS (Disk=0 Partition=3) Drive d: (D) (Fixed) (Total:465.76 GB) (Free:181.72 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6B355D14) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6B355D22) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ WLAN geht nur bis eingeschränkt. Egal ob ich das wlan hier nehme, oder das wlan über die Tethering Funktion meines Handys |
02.07.2013, 18:12 | #11 | |
/// the machine /// TB-Ausbilder | Keine InternetverbindungCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.07.2013, 08:19 | #12 |
| Keine Internetverbindung Bevor ich Combofix ausführe habe ich was anderes noch festgestellt: Beim Einstecken des USB kann man nicht mehr anklicken mit welchem Medium man diesen nun öffnen oder abspielen will. Code:
ATTFilter Der Datei ist kein Programm zum Ausführen dieser Aktion zugeordnet. Installieren Sie ein entsprechendes Programm, oder erstellen Sie in der Systemsteuerung unter "Standartprogramme" eine Zuordnung, wenn bereits ein Programm installiert ist. Edit: aso ne ich bin doof. Er löscht die selber -.- |
03.07.2013, 08:22 | #13 |
/// the machine /// TB-Ausbilder | Keine Internetverbindung Was macht Combofix?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.07.2013, 08:29 | #14 |
| Keine InternetverbindungCode:
ATTFilter ComboFix 13-07-02.03 - K.Badekow 03.07.2013 9:12.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8174.6529 [GMT 2:00] ausgef�hrt von:: c:\users\K.Badekow\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: NCP Secure Entry Client *Disabled* {2E93E888-9DAC-5065-8626-9C7F7A0820C2} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere L�schungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\K.Badekow\AppData\Local\TempDIR c:\users\K.Badekow\AppData\Local\TempDIR\BetterInstaller.exe c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-03 bis 2013-07-03 )))))))))))))))))))))))))))))) . . 2013-07-03 07:18 . 2013-07-03 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-01 09:05 . 2013-07-01 09:05 -------- d-----w- C:\FRST 2013-06-27 19:03 . 2013-06-27 19:05 -------- d-----w- C:\tmp 2013-06-26 07:58 . 2013-06-26 07:58 -------- d-----w- c:\users\K.Badekow\AppData\Roaming\PDAppFlex 2013-06-26 07:37 . 2013-06-26 07:37 -------- d-----w- c:\users\K.Badekow\.android 2013-06-24 11:12 . 2013-06-24 11:12 -------- d-----w- c:\users\K.Badekow\AppData\Roaming\TERA 2013-06-24 09:39 . 2013-06-24 09:39 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-15 20:23 . 2013-06-15 20:24 -------- d-----w- c:\program files (x86)\PS3 Media Server 2013-06-11 17:32 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-11 17:32 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-11 17:32 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-11 17:32 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-11 17:32 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-11 17:32 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-11 17:32 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-11 17:31 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-11 17:31 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-11 17:31 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-11 17:31 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-11 17:31 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-11 17:31 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-11 17:31 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-11 17:31 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-11 17:31 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-11 17:31 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-11 17:31 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-11 17:31 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-05 04:24 . 2012-10-17 14:37 397312 ----a-w- c:\windows\SysWow64\TubeFinder.exe 2013-06-05 04:24 . 2013-06-05 04:24 -------- d-----w- c:\users\K.Badekow\AppData\Roaming\FreeFLVConverter 2013-06-05 04:24 . 2011-09-28 07:18 9728 ----a-w- c:\windows\SysWow64\PCCLPFR.DLL 2013-06-05 04:24 . 2011-09-28 07:18 84512 ----a-w- c:\windows\SysWow64\PICCLP32.OCX 2013-06-05 04:24 . 2011-09-28 07:18 364544 ----a-w- c:\windows\SysWow64\PropertyGrid.ocx 2013-06-05 04:24 . 2011-09-28 07:18 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL 2013-06-05 04:24 . 2011-09-28 07:18 24576 ----a-w- c:\windows\SysWow64\ControlSubX.ocx 2013-06-05 04:24 . 2011-09-28 07:18 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX 2013-06-05 04:24 . 2011-09-28 07:18 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL 2013-06-05 04:24 . 2011-09-28 07:18 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL 2013-06-05 04:24 . 2011-09-28 07:18 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL 2013-06-05 04:24 . 2013-06-05 04:24 -------- d-----w- c:\program files (x86)\Free FLV Converter . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-24 09:39 . 2012-02-16 19:43 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-06-24 09:39 . 2012-02-16 18:50 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-11 20:54 . 2012-01-10 18:35 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 19:17 . 2012-04-05 20:04 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 19:17 . 2012-02-16 18:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-25 19:44 . 2013-05-25 07:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0978923D-C8B1-4BB3-AB51-79F6BD5C6BEC}\offreg.dll 2013-05-13 23:48 . 2013-05-24 20:08 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0978923D-C8B1-4BB3-AB51-79F6BD5C6BEC}\mpengine.dll 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 14:21 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-30 04:54 . 2013-04-30 04:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-30 04:54 . 2013-04-30 04:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-30 04:54 . 2013-04-30 04:54 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-30 04:54 . 2013-04-30 04:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-30 04:54 . 2013-04-30 04:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-30 04:54 . 2013-04-30 04:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-30 04:54 . 2013-04-30 04:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-30 04:54 . 2013-04-30 04:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-30 04:54 . 2013-04-30 04:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-30 04:54 . 2013-04-30 04:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-30 04:54 . 2013-04-30 04:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-30 04:54 . 2013-04-30 04:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-30 04:54 . 2013-04-30 04:54 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-30 04:54 . 2013-04-30 04:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-30 04:54 . 2013-04-30 04:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-30 04:54 . 2013-04-30 04:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-30 04:54 . 2013-04-30 04:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-30 04:54 . 2013-04-30 04:54 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-30 04:54 . 2013-04-30 04:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-30 04:54 . 2013-04-30 04:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-30 04:54 . 2013-04-30 04:54 441856 ----a-w- c:\windows\system32\html.iec 2013-04-30 04:54 . 2013-04-30 04:54 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-30 04:54 . 2013-04-30 04:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-30 04:54 . 2013-04-30 04:54 235008 ----a-w- c:\windows\system32\url.dll 2013-04-30 04:54 . 2013-04-30 04:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-30 04:54 . 2013-04-30 04:54 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-30 04:54 . 2013-04-30 04:54 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-30 04:54 . 2013-04-30 04:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-30 04:54 . 2013-04-30 04:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-30 04:54 . 2013-04-30 04:54 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-30 04:54 . 2013-04-30 04:54 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-30 04:54 . 2013-04-30 04:54 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-30 04:54 . 2013-04-30 04:54 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-30 04:54 . 2013-04-30 04:54 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-30 04:54 . 2013-04-30 04:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-30 04:54 . 2013-04-30 04:54 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-30 04:54 . 2013-04-30 04:54 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-30 04:54 . 2013-04-30 04:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-30 04:54 . 2013-04-30 04:54 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-30 04:54 . 2013-04-30 04:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-30 04:54 . 2013-04-30 04:54 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-30 04:54 . 2013-04-30 04:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-30 04:54 . 2013-04-30 04:54 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-30 04:54 . 2013-04-30 04:54 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-30 04:54 . 2013-04-30 04:54 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-30 04:54 . 2013-04-30 04:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-30 04:54 . 2013-04-30 04:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-30 04:54 . 2013-04-30 04:54 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-30 04:54 . 2013-04-30 04:54 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-30 04:53 . 2013-04-30 04:53 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-04-30 04:53 . 2013-04-30 04:53 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-04-30 04:53 . 2013-04-30 04:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-04-30 04:53 . 2013-04-30 04:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-04-30 04:53 . 2013-04-30 04:53 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-04-30 04:53 . 2013-04-30 04:53 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-04-30 04:53 . 2013-04-30 04:53 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-04-30 04:53 . 2013-04-30 04:53 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-04-30 04:53 . 2013-04-30 04:53 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-04-30 04:53 . 2013-04-30 04:53 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-04-30 04:53 . 2013-04-30 04:53 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-04-30 04:53 . 2013-04-30 04:53 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-04-30 04:53 . 2013-04-30 04:53 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-04-30 04:53 . 2013-04-30 04:53 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-04-30 04:53 . 2013-04-30 04:53 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-04-30 04:53 . 2013-04-30 04:53 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2013-04-30 04:53 . 2013-04-30 04:53 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-04-30 04:53 . 2013-04-30 04:53 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-04-30 04:53 . 2013-04-30 04:53 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-04-30 04:53 . 2013-04-30 04:53 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2013-04-30 04:53 . 2013-04-30 04:53 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-04-30 04:53 . 2013-04-30 04:53 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2013-04-30 04:53 . 2013-04-30 04:53 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Eintr�ge & legitime Standardeintr�ge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}] 2011-12-28 13:21 128064 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-03-20 162856] "NcpBudgetGui"="c:\program files (x86)\NCP\SecureClient\NcpBudgetGui.exe" [2013-01-07 1001472] "NcpPopup"="c:\program files (x86)\NCP\SecureClient\ncppopup.exe" [2012-03-20 1011280] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656] "NcpRsuGui"="c:\program files (x86)\NCP\SecureClient\rwsrsu.exe" [2011-08-22 883792] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "RIMBBLaunchAgent.exe"=c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" /gui "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "NeroFilterCheck"=c:\program files (x86)\Common Files\Ahead\Lib\NeroCheck.exe "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide "KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe "DivXMediaServer"=c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 NcpSec;NCP Client PKI Support;c:\program files (x86)\NCP\SecureClient\NCPSEC.EXE;c:\program files (x86)\NCP\SecureClient\NCPSEC.EXE [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [x] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 ncpfilt;NCP Filter;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x] R3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [x] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x] S2 Lexware_Professional_Datenbank;Lexware Professional Datenbank;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [x] S2 ncpclcfg;NCP Client Configuration Support;c:\program files (x86)\NCP\SecureClient\ncpclcfg.exe;c:\program files (x86)\NCP\SecureClient\ncpclcfg.exe [x] S2 ncprwsnt;NCP Client VPN und Dialing Service;c:\program files (x86)\NCP\SecureClient\ncprwsnt.exe;c:\program files (x86)\NCP\SecureClient\ncprwsnt.exe [x] S2 rwsrsu;NCP Client Update Service;c:\program files (x86)\NCP\SecureClient\rwsrsu.exe;c:\program files (x86)\NCP\SecureClient\rwsrsu.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C60x64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:17] . 2013-07-03 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2013-05-02 13:39] . 2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2010-10-14 226784] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2013-04-13 170496] . ------- Zus�tzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - d:\pokerstars\PokerStarsUpdate.exe IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - d:\icq7.7\ICQ.exe LSP: %SystemRoot%\system32\vsocklib.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) . - - - - Entfernte verwaiste Registrierungseintr�ge - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-03 09:26:00 ComboFix-quarantined-files.txt 2013-07-03 07:26 . Vor Suchlauf: 16 Verzeichnis(se), 354.189.877.248 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 354.846.056.448 Bytes frei . - - End Of File - - 3986C4AC0997E4CF509CAACE7CA92575 A36C5E4F47E84449FF07ED3517B43A31 |
03.07.2013, 09:40 | #15 |
/// the machine /// TB-Ausbilder | Keine Internetverbindung Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte. Was macht die Inet-Verbindung?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Keine Internetverbindung |
administrator, adobe, adobe flash player, avg, browser, canon, desktop, dll, download, explorer, farbar, farbar recovery scan tool, firefox, flash player, frst.txt, helper, html, koyote, microsoft, minidump, mozilla, pdf, plug-in, registry, rundll, scan, search the web, services.exe, software, svchost.exe, system, winlogon.exe, wlan |