Log analysis and evaluation: deltasearch - Continuing after ADW-Cleaner/OTL (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
deltasearch - Continuing after ADW-Cleaner/OTL

Hello everyone, I've caught deltasearch (once again). Like last time, I first went over it with adwcleaner. Log:

Code:
# AdwCleaner v2.306 - Datei am 04/08/2013 um 11:15:27 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Babuu - BABUU-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Babuu\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\searchplugins\Babylon.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Babuu\AppData\Roaming\SpeedAnalysis2

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DBB6CE-3148-4FEC-B481-103CB3290427}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b538ddcb73abf47
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\prefs.js

C:\Users\Babuu\AppData\Roaming\Mozilla\Firefox\Profiles\a79pj5qc.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2370] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=0EC5E6469AA57608&affID=119654&tsp=[...]
Gelöscht [l.2964] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=0EC5E6469AA[...]

*************************

AdwCleaner[S1].txt - [3941 octets] - [04/08/2013 11:15:27]

########## EOF - C:\AdwCleaner[S1].txt - [4001 octets] ##########

Extras:

Code:
OTL Extras logfile created on: 8/4/2013 11:22:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babuu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.78% Memory free
15.96 Gb Paging File | 14.34 Gb Available in Paging File | 89.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.40 Gb Total Space | 849.18 Gb Free Space | 92.46% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 14.83 Gb Total Space | 0.22 Gb Free Space | 1.49% Space Free | Partition Type: FAT32

Computer Name: BABUU-HP | User Name: Babuu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Babuu\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Babuu\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0305ECD4-3FB9-4DFB-8B63-0203ED8B2EF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{04095E83-598F-46E3-91EC-6907B98F454B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{06820504-F4E1-4C4B-BB52-C454A4D173B9}" = rport=139 | protocol=6 | dir=out | app=system | "{1EEB8006-6F93-49EC-A12F-3E79456411AD}" = lport=139 | protocol=6 | dir=in | app=system | "{2419A4E9-F1D2-438C-A8E4-4B87C7F919F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{29C067B2-5760-4608-BADD-AA4F0B6444F6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2C45D3BF-9864-4CB7-A2F3-6EA94FB23108}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E116AF8-909B-4CBB-9A52-BEE353D60176}" = rport=10243 | protocol=6 | dir=out | app=system | "{657A566F-6C1E-40E4-9D27-50EC86A54CB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{688E4960-6888-4E3E-B7ED-6036662CDEF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75517889-FE84-4B4B-9EE3-BEBF48102075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77CBB400-443A-4A4C-B88A-504B929F7CC7}" = rport=445 | protocol=6 | dir=out | app=system | "{82F43524-DDCB-4601-9C28-D170429322A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83CAE090-B894-4C55-BD53-68FECDB604F5}" = lport=2869 | protocol=6 | dir=in | app=system | "{862035EE-3B69-486B-AC7F-FE1FE3A7AAEC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{895464B9-E984-4523-BA20-46C6AF905CA3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{95218524-BBD1-43DF-AE45-EE7C1FBA8735}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9823F1A4-9E9B-4CA8-9739-C71149CC4B33}" = 
lport=138 | protocol=17 | dir=in | app=system | "{9A20FE99-5F33-4DFA-BC5C-AB3E3EDA5954}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A1D53D43-791A-4761-B03B-BCF6E20A7505}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A33AB0A6-3655-403F-AE90-78BA41C0FEC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{A37B91E7-49FD-4247-875B-C9D62E985A37}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B91898E9-72D9-4DC1-A4D5-7759593945EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA15DEB9-75E8-417C-BAC0-B3ED94643415}" = rport=137 | protocol=17 | dir=out | app=system | "{CB394460-144D-4F60-962B-C17487D69A74}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF1085B8-C702-42CE-9A2F-2DF46CBB8FFA}" = rport=138 | protocol=17 | dir=out | app=system | "{D03DE6C8-F503-4036-AECD-E1B898835AF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D05AF2F7-7C28-4A42-B7B1-A47C226E5FC1}" = lport=445 | protocol=6 | dir=in | app=system | "{DA08B39C-1C7C-4108-834A-5ACDB6AE336F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DE5A1545-A408-4327-A1A5-42C8B396A4EA}" = lport=137 | protocol=17 | dir=in | app=system | "{EC9B3F55-8A73-4E6E-804F-8A7DC1FB954A}" = lport=10243 | protocol=6 | dir=in | app=system | "{F8B2975A-0907-49F5-AF1F-844E455198F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FCE1A036-AB74-4D2B-905D-B4ADA99B2158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{035318EA-0985-4A41-8FED-1346D36F6E2D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{06EAF4C8-47CD-45B8-8903-16490A349E5C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{08E35DD6-1FC2-4825-8152-5E5826516882}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0DF946B0-EBA5-4681-A480-A1A0A937C567}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{118F7F4C-49B6-4851-A128-1077B1D5971C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{183EFB62-95A1-4A9F-96C3-E5EB832BC5AD}" = protocol=6 | dir=out | app=system | "{231EA630-747C-4485-85C3-B35F99F5EA12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{24A9678A-FA27-4371-B1B3-CEEF5628AAA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2DEBD358-7CF7-435C-9B15-6E38C5BE6DAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{33B9D662-C952-47B0-BBF9-0374F21D06C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4D46ECEB-5B77-473E-A874-9A22C621B8F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50D36FC7-98D1-4D0C-9DE1-446F9DE1DE06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54267206-3CAF-4898-B072-BA1FDCD57B12}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | "{5AB08F84-83BD-4C98-8A9B-84D77B992A9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5C04822B-440B-4767-AD5B-0E5759F0A0A9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6042B43B-1610-48FD-8C21-CFA4512B64CB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{6087CF76-5446-4B46-B06E-375827610A38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{71C18379-F7C6-408B-A9E8-DCF186513CFC}" 
= protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7866CA87-1327-40B0-8E05-337FA3DCB448}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe | "{8073321B-CD10-4247-A399-4D842C2CA52A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{894E5A82-0398-4A80-9EBF-EB72C078DA20}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{9179C66B-A146-4949-B64E-F8402CBADC4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{99749EFB-1B5D-4A18-95AC-11B8040E17FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A288B48A-AFE3-4239-98EF-70AE842560E0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A6DE5228-4F61-476C-9030-813F68B528E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE429EA4-9C4D-4E21-BF69-3A7E61605413}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | "{B5344A58-CE55-47E5-AEBF-241B77721B67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8EAA934-BF06-400D-A1F5-F2F9F0DDBFFB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | "{D7FD3CA6-DDE1-4581-BDA5-A7664EC4D74D}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | "{E7261B88-E04D-452E-80A7-03CF965653F8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EEBD81D8-2348-433F-BDA4-0C5BF8033B4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{F1B43A5E-6647-4AA5-AC01-E3293675FD84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F59DF94F-3705-44E9-8CB9-01401B7E1457}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | "TCP Query 
User{3A81C874-D86D-45B8-9501-79538D6F5618}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | "UDP Query User{46D580D6-A12A-45A5-9236-A4793B2AF776}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.95 
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011 "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{50DE8CAF-EF44-40F5-A48E-22BD08492284}" = PE-DESIGN Lite "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT 
Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common 
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D26F9059-EDE3-4C80-B793-04AE9143F779}" = eM Client "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Empires" = Microsoft Age of Empires "Avira AntiVir Desktop" = Avira Free Antivirus "CanonSolutionMenuEX" = Canon Solution Menu EX "EasyBits Magic Desktop" = Magic Desktop "ElsterFormular 13.2.0.8623k" = ElsterFormular "Embird 2010" = Embird 2010 "ESET Online Scanner" = ESET Online Scanner v3 "fdrawcmd" = Fdrawcmd.sys 1.0.1.10 "Freemake Audio Converter_is1" = 
Freemake Audio Converter Version 1.1.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"McAfee Security Scan" = McAfee Security Scan Plus
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Complete" = PDF Complete Special Edition
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-047dcbd1-d85d-4e95-a4af-207b7780ecad" = Mah Jong Medley
"WTA-0896344f-517d-4f48-870f-ede04ff58a48" = FATE
"WTA-091af0d4-5116-4bfa-a996-3ae8c1f988dd" = Zuma Deluxe
"WTA-0d9353ae-4d48-4db4-bcfa-4a3b1e8750c4" = Farm Frenzy
"WTA-14685520-365c-4fcf-8a1f-c78fa2925611" = Mystery of Mortlake Mansion
"WTA-1cba82d2-e1aa-4023-b932-88a5398ff84c" = Penguins!
"WTA-24cc89b3-5ebd-4b94-a1fb-5aebd624ec62" = Chronicles of Albian
"WTA-2c8e2bbe-6a57-4e93-bc16-34c730f92168" = Vacation Quest - The Hawaiian Islands
"WTA-35a8be29-cf49-40f7-b9c1-0995ff938732" = Virtual Villagers - The Secret City
"WTA-3f17b283-7ae6-483c-8923-a8665eb1c4fd" = Jewel Quest Solitaire
"WTA-61653620-877d-4f2d-b338-50f94a8e5423" = Slingo Deluxe
"WTA-79303f1d-a987-4047-bb0a-29a4078aa964" = Bejeweled 3
"WTA-7ac1bf3f-e888-47f1-a2d7-5e3d25b7119a" = Agatha Christie - Peril at End House
"WTA-93db79b4-585c-4c4f-b6ac-0c0e96ec3fb8" = Polar Bowler
"WTA-a0874fd5-b427-4ed4-bf74-6cddd51e540f" = Cradle of Rome 2
"WTA-aa6241aa-1e52-4fe6-af51-f55bedc48356" = Bounce Symphony
"WTA-b2ac85e5-bbe8-4051-a47e-9562d1f2fee1" = Governor of Poker 2 Premium Edition
"WTA-e4717af7-c6e7-4323-9359-c3783f9400d3" = Plants vs. Zombies - Game of the Year
"WTA-e8c59721-78e5-4204-8c7f-b05f7d92e05c" = Chuzzle Deluxe
"WTA-eaa60950-b24b-4403-a53b-71013acb732a" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-f36803df-0f34-48f5-99af-35801e20a458" = Namco All-Stars: PAC-MAN
"WTA-f507f17e-f1d3-4f12-9965-fdf13d9e23ff" = Cake Mania
"WTA-f7a19f8c-ea64-40b3-b8b7-41a82ebaa0c8" = Blasterball 3
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2013 4:27:11 AM | Computer Name = Babuu-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msfeedssync.exe, Version: 10.0.9200.16521, Zeitstempel: 0x51207e1c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000264 Fehleroffset: 0x00000000000cd7d8 ID des fehlerhaften Prozesses: 0x3f7c Startzeit der fehlerhaften Anwendung: 0x01ce806be14ef91e Pfad der fehlerhaften Anwendung: C:\Windows\system32\msfeedssync.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2dbbbb92-ec5f-11e2-8869-082e5f11ded9

Error - 7/14/2013 7:29:52 AM | Computer Name = Babuu-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Iedit.exe, Version: 8.5.3.0, Zeitstempel: 0x40b1ac24 Name des fehlerhaften Moduls: Iedit.exe, Version: 8.5.3.0, Zeitstempel: 0x40b1ac24 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002de8c7 ID des fehlerhaften Prozesses: 0x6010 Startzeit der fehlerhaften Anwendung: 0x01ce808458007aeb Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Ulead Systems\Ulead PhotoImpact XL\Iedit.exe Berichtskennung: b303b637-ec78-11e2-8869-082e5f11ded9

Error - 7/14/2013 12:55:56 PM | Computer Name = Babuu-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/14/2013 1:04:00 PM | Computer Name = Babuu-HP | Source = Windows Backup | ID = 4103
Description =

Error - 7/15/2013 1:50:52 AM | Computer Name = Babuu-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/15/2013 3:03:26 AM | Computer Name = Babuu-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/17/2013 9:04:35 AM | Computer Name = Babuu-HP | Source = MsiInstaller | ID = 11722
Description =

Error - 7/17/2013 9:28:11 AM | Computer Name = Babuu-HP | Source = MsiInstaller | ID = 11722
Description =

Error - 7/18/2013 4:12:43 AM | Computer Name = Babuu-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/20/2013 2:46:35 PM | Computer Name = Babuu-HP | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Hewlett-Packard Events ]
Error - 4/1/2012 1:56:12 PM | Computer Name = Babuu-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Das Objekt "/f14de69b_b5aa_45f0_b00a_20253c0307a0/5mrkqgfbxwle7jmtqzodprkk_5.rem" wurde getrennt oder ist nicht auf dem Server vorhanden. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 8172 Ram Utilization: 10 TargetSite: Void UpdateDetail(System.String)

[ Media Center Events ]
Error - 7/27/2013 2:54:45 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 08:54:45 - Fehler beim Herstellen der Internetverbindung. 08:54:45 - Serververbindung konnte nicht hergestellt werden..

Error - 7/27/2013 2:54:50 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 08:54:50 - Fehler beim Herstellen der Internetverbindung. 08:54:50 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 1:55:30 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 07:55:30 - Fehler beim Herstellen der Internetverbindung. 07:55:30 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 1:55:37 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 07:55:35 - Fehler beim Herstellen der Internetverbindung. 07:55:35 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 2:55:42 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 08:55:42 - Fehler beim Herstellen der Internetverbindung. 08:55:42 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 2:55:47 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 08:55:47 - Fehler beim Herstellen der Internetverbindung. 08:55:47 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 3:55:52 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 09:55:52 - Fehler beim Herstellen der Internetverbindung. 09:55:52 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 3:55:57 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 09:55:57 - Fehler beim Herstellen der Internetverbindung. 09:55:57 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 4:56:02 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 10:56:02 - Fehler beim Herstellen der Internetverbindung. 10:56:02 - Serververbindung konnte nicht hergestellt werden..

Error - 7/28/2013 4:56:08 AM | Computer Name = Babuu-HP | Source = MCUpdate | ID = 0
Description = 10:56:07 - Fehler beim Herstellen der Internetverbindung. 10:56:07 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 7/17/2013 8:57:35 AM | Computer Name = Babuu-HP | Source = DCOM | ID = 10001
Description =

Error - 7/18/2013 3:05:03 AM | Computer Name = Babuu-HP | Source = DCOM | ID = 10001
Description =

Error - 7/18/2013 9:32:00 AM | Computer Name = Babuu-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2013 um 15:00:35 unerwartet heruntergefahren.

Error - 7/19/2013 2:57:54 AM | Computer Name = Babuu-HP | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{EDB13B49-2FE3-4A81-A3BD-F8BFA44279A3} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 7/20/2013 4:45:43 AM | Computer Name = Babuu-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?07.?2013 um 10:44:13 unerwartet heruntergefahren.

Error - 7/30/2013 1:57:45 PM | Computer Name = Babuu-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?30.?07.?2013 um 19:56:23 unerwartet heruntergefahren.

Error - 8/1/2013 1:49:56 PM | Computer Name = Babuu-HP | Source = DCOM | ID = 10010
Description =

Error - 8/4/2013 4:32:22 AM | Computer Name = Babuu-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?08.?2013 um 10:30:13 unerwartet heruntergefahren.

Error - 8/4/2013 4:43:26 AM | Computer Name = Babuu-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?08.?2013 um 10:41:54 unerwartet heruntergefahren.

Error - 8/4/2013 5:12:10 AM | Computer Name = Babuu-HP | Source = Service Control Manager | ID = 7031
Description = Der Dienst "WebCakeUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

< End of report >

Code:
OTL logfile created on: 8/4/2013 11:22:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babuu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7.98 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 79.78% Memory free
15.96 Gb Paging File | 14.34 Gb Available in Paging File | 89.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.40 Gb Total Space | 849.18 Gb Free Space | 92.46% Space Free | Partition Type: NTFS
Drive D: | 13.01 Gb Total Space | 1.60 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 14.83 Gb Total Space | 0.22 Gb Free Space | 1.49% Space Free | Partition Type: FAT32

Computer Name: BABUU-HP | User Name: Babuu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/04 11:20:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babuu\Downloads\OTL.exe
PRC - [2013/06/26 12:29:59 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/26 12:29:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/26 12:29:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/08/13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/06/09 15:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 15:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/30 10:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 09:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 09:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/04 16:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2010/08/04 15:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2003/11/19 14:03:40 | 000,045,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/04 16:34:12 | 004,545,024 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll

========== Services (SafeList) ==========

SRV - [2013/06/26 12:29:59 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/26 12:29:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/11 23:40:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/09 15:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/06 02:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/30 10:41:10 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/02 07:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 20:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/24 10:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 09:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 09:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/11 12:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 00:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/08/04 15:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/22 21:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010/03/18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/19 19:31:28 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/05/19 19:31:28 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/05/19 19:31:27 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/11 04:35:26 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/02/11 04:13:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/11 04:13:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 12:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/03 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 13:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/11 02:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/07/27 20:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/07/27 20:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/28 05:09:50 | 000,032,408 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)
DRV:64bit: - [2008/05/15 03:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/10/27 10:49:44 | 000,025,600 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bucrw64.sys -- (busbcrw)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{6D1C4F59-012F-440C-B947-AA9319265BEB}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-722544647-917449935-176176110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Babuu\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
[2012/08/05 22:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Extensions
[2013/08/04 11:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babuu\AppData\Roaming\mozilla\Firefox\Profiles\a79pj5qc.default\extensions
[2013/08/03 18:13:49 | 000,000,000 | ---D | M] (Zula Games) -- C:\Users\Babuu\AppData\Roaming\mozilla\Firefox\Profiles\a79pj5qc.default\extensions\zulagames@ZulaGames.com
[2012/11/20 15:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/08/05 22:09:19 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Babuu\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Zula Games = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn\1.0.0.5_0\
CHR - Extension: Website Logon = C:\Users\Babuu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe\1.0_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-722544647-917449935-176176110-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Babuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-722544647-917449935-176176110-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - 
{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB13B49-2FE3-4A81-A3BD-F8BFA44279A3}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/03 18:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013/08/03 18:14:19 | 000,019,456 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2013/08/03 18:13:49 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\zulagames [2013/07/17 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Roaming\Avery [2013/07/14 19:38:31 | 000,000,000 | ---D | C] -- C:\Users\Babuu\AppData\Local\Microsoft Help [2013/07/14 19:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013/07/12 10:59:31 | 000,000,000 | ---D | C] -- C:\Users\Babuu\StoffeShop [2013/07/11 20:27:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/07/11 20:27:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/07/11 20:27:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/07/11 20:27:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/07/11 20:27:20 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/07/11 20:27:20 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/07/11 
20:27:20 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/07/11 20:27:20 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/07/11 20:27:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/07/11 20:27:20 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/07/11 20:27:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/11 20:27:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/07/11 20:27:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/07/11 20:27:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/07/11 20:27:19 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/07/11 11:13:05 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/07/11 11:13:05 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/07/11 11:13:04 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/07/11 11:13:04 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/07/11 11:12:30 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/07/09 19:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery ========== Files - Modified Within 30 Days ========== [2013/08/04 11:24:56 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/04 11:24:56 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/04 11:22:00 | 000,001,120 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000UA.job [2013/08/04 11:17:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/08/04 11:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/08/04 11:16:54 | 2132,406,271 | -HS- | M] () -- C:\hiberfil.sys [2013/08/04 11:16:01 | 000,000,195 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/08/04 11:06:59 | 000,001,122 | ---- | M] () -- C:\Users\Babuu\Desktop\Continue Zip Opener Installation.lnk [2013/08/04 10:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/08/04 10:32:34 | 000,393,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/08/04 10:28:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/03 09:22:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-722544647-917449935-176176110-1000Core.job [2013/08/01 15:13:17 | 000,004,918 | ---- | M] () -- C:\Windows\ULEAD32.INI [2013/07/31 07:27:59 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/31 07:27:59 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/07/31 07:27:59 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/31 07:27:59 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/07/31 07:27:59 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/29 18:13:31 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBabuu.job [2013/07/27 13:10:00 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit.INI [2013/07/19 20:16:56 | 000,881,664 | ---- | M] () -- C:\Users\Babuu\Documents\visitenkarten4..1zdl.zdl [2013/07/19 17:00:38 | 001,752,064 | ---- | M] () -- C:\Users\Babuu\Documents\visitenkarten4.zdl [2013/07/19 16:49:47 | 000,882,176 | ---- | M] () -- C:\Users\Babuu\Documents\visitenkarten3.zdl [2013/07/19 16:30:52 | 000,881,664 | ---- | M] () 
-- C:\Users\Babuu\Documents\visitenkarten2.zdl [2013/07/19 15:59:09 | 000,881,152 | ---- | M] () -- C:\Users\Babuu\Documents\Visitenkarten.zdl [2013/07/17 22:08:45 | 000,881,152 | ---- | M] () -- C:\Users\Babuu\Visitenkarten.zdl [2013/07/17 15:54:21 | 000,067,990 | ---- | M] () -- C:\Users\Babuu\visitenkarte.jpg [2013/07/15 23:09:32 | 000,012,899 | ---- | M] () -- C:\Users\Babuu\Tod.jpg [2013/07/15 18:55:39 | 000,042,030 | ---- | M] () -- C:\Users\Babuu\Auraneu.jpg [2013/07/15 18:51:28 | 000,055,279 | ---- | M] () -- C:\Users\Babuu\Shanti.jpg [2013/07/15 18:50:40 | 000,081,622 | ---- | M] () -- C:\Users\Babuu\aura.jpg [2013/07/15 18:50:31 | 000,059,873 | ---- | M] () -- C:\Users\Babuu\Nala.jpg [2013/07/12 20:52:25 | 000,023,359 | ---- | M] () -- C:\Users\Babuu\Logotest2.1pink1-schriftneudawanda.jpg [2013/07/12 20:17:40 | 000,039,053 | ---- | M] () -- C:\Users\Babuu\Logotest2.1pink1-schriftneu.jpg [2013/07/12 20:15:24 | 000,039,170 | ---- | M] () -- C:\Users\Babuu\Logotest2.1pink1-schrift.jpg [2013/07/12 20:02:23 | 000,036,810 | ---- | M] () -- C:\Users\Babuu\Logotest2.1pink1.jpg [2013/07/12 20:00:39 | 000,036,895 | ---- | M] () -- C:\Users\Babuu\Logotest2.1pink.jpg [2013/07/12 19:11:18 | 000,037,073 | ---- | M] () -- C:\Users\Babuu\Logotest2.1.jpg [2013/07/12 11:01:14 | 000,063,885 | ---- | M] () -- C:\Users\Babuu\h630.jpg [2013/07/11 15:33:55 | 000,036,983 | ---- | M] () -- C:\Users\Babuu\HintergrundLilberries2.jpg [2013/07/11 15:32:04 | 000,298,928 | ---- | M] () -- C:\Users\Babuu\HintergrundLilberries.jpg [2013/07/10 13:05:11 | 000,127,242 | ---- | M] () -- C:\Users\Babuu\ÜbergaberechtKatzen.pdf [2013/07/09 20:14:05 | 000,037,045 | ---- | M] () -- C:\Users\Babuu\karte2.jpg [2013/07/09 20:11:01 | 000,047,778 | ---- | M] () -- C:\Users\Babuu\karte1.jpg [2013/07/09 19:25:26 | 000,008,097 | ---- | M] () -- C:\Users\Babuu\TestVisi.jpg [2013/07/07 09:16:52 | 000,002,356 | ---- | M] () -- C:\Users\Babuu\Desktop\google.lnk [2013/07/05 14:28:56 | 000,069,995 | ---- | M] 
() -- C:\Users\Babuu\Flynnjuli.05.2.jpg [2013/07/05 14:28:35 | 000,073,477 | ---- | M] () -- C:\Users\Babuu\flynnjuli.05.jpg ========== Files Created - No Company Name ========== [2013/08/04 11:06:59 | 000,001,122 | ---- | C] () -- C:\Users\Babuu\Desktop\Continue Zip Opener Installation.lnk [2013/07/19 20:16:56 | 000,881,664 | ---- | C] () -- C:\Users\Babuu\Documents\visitenkarten4..1zdl.zdl [2013/07/19 16:54:15 | 001,752,064 | ---- | C] () -- C:\Users\Babuu\Documents\visitenkarten4.zdl [2013/07/19 16:49:46 | 000,882,176 | ---- | C] () -- C:\Users\Babuu\Documents\visitenkarten3.zdl [2013/07/19 16:30:52 | 000,881,664 | ---- | C] () -- C:\Users\Babuu\Documents\visitenkarten2.zdl [2013/07/19 15:59:09 | 000,881,152 | ---- | C] () -- C:\Users\Babuu\Documents\Visitenkarten.zdl [2013/07/17 22:08:44 | 000,881,152 | ---- | C] () -- C:\Users\Babuu\Visitenkarten.zdl [2013/07/17 15:54:21 | 000,067,990 | ---- | C] () -- C:\Users\Babuu\visitenkarte.jpg [2013/07/15 23:03:29 | 000,012,899 | ---- | C] () -- C:\Users\Babuu\Tod.jpg [2013/07/15 18:55:39 | 000,042,030 | ---- | C] () -- C:\Users\Babuu\Auraneu.jpg [2013/07/15 18:51:28 | 000,055,279 | ---- | C] () -- C:\Users\Babuu\Shanti.jpg [2013/07/15 18:50:40 | 000,081,622 | ---- | C] () -- C:\Users\Babuu\aura.jpg [2013/07/15 18:50:31 | 000,059,873 | ---- | C] () -- C:\Users\Babuu\Nala.jpg [2013/07/12 20:52:25 | 000,023,359 | ---- | C] () -- C:\Users\Babuu\Logotest2.1pink1-schriftneudawanda.jpg [2013/07/12 20:17:39 | 000,039,053 | ---- | C] () -- C:\Users\Babuu\Logotest2.1pink1-schriftneu.jpg [2013/07/12 20:15:22 | 000,039,170 | ---- | C] () -- C:\Users\Babuu\Logotest2.1pink1-schrift.jpg [2013/07/12 20:02:22 | 000,036,810 | ---- | C] () -- C:\Users\Babuu\Logotest2.1pink1.jpg [2013/07/12 20:00:36 | 000,036,895 | ---- | C] () -- C:\Users\Babuu\Logotest2.1pink.jpg [2013/07/12 19:10:13 | 000,037,073 | ---- | C] () -- C:\Users\Babuu\Logotest2.1.jpg [2013/07/12 11:01:14 | 000,063,885 | ---- | C] () -- C:\Users\Babuu\h630.jpg [2013/07/11 
15:33:55 | 000,036,983 | ---- | C] () -- C:\Users\Babuu\HintergrundLilberries2.jpg [2013/07/11 15:29:25 | 000,298,928 | ---- | C] () -- C:\Users\Babuu\HintergrundLilberries.jpg [2013/07/10 13:05:09 | 000,127,242 | ---- | C] () -- C:\Users\Babuu\ÜbergaberechtKatzen.pdf [2013/07/09 20:14:05 | 000,037,045 | ---- | C] () -- C:\Users\Babuu\karte2.jpg [2013/07/09 20:11:01 | 000,047,778 | ---- | C] () -- C:\Users\Babuu\karte1.jpg [2013/07/09 19:20:40 | 000,008,097 | ---- | C] () -- C:\Users\Babuu\TestVisi.jpg [2013/07/05 14:28:56 | 000,069,995 | ---- | C] () -- C:\Users\Babuu\Flynnjuli.05.2.jpg [2013/07/05 14:28:35 | 000,073,477 | ---- | C] () -- C:\Users\Babuu\flynnjuli.05.jpg [2013/07/03 13:50:30 | 000,062,039 | ---- | C] () -- C:\Users\Babuu\Manupp.jpg [2013/07/01 15:16:00 | 000,067,459 | ---- | C] () -- C:\Users\Babuu\Fridabeide2.jpg [2013/07/01 14:20:19 | 000,064,922 | ---- | C] () -- C:\Users\Babuu\Fridabeide.jpg [2013/06/30 13:53:36 | 000,049,237 | ---- | C] () -- C:\Users\Babuu\Rebellanotizbuch.jpg [2013/06/28 23:43:28 | 000,094,288 | ---- | C] () -- C:\Users\Babuu\logoblogneu.jpg [2013/06/28 23:35:40 | 000,263,680 | ---- | C] () -- C:\Users\Babuu\logotestufoneu.ufo [2013/06/28 23:32:27 | 000,186,368 | ---- | C] () -- C:\Users\Babuu\Erdbeerelogoufo.ufo [2013/06/28 23:22:58 | 000,095,013 | ---- | C] () -- C:\Users\Babuu\LogoneuBlog.jpg [2013/06/28 22:17:07 | 000,013,681 | ---- | C] () -- C:\Users\Babuu\fbavaneu.jpg [2013/06/28 22:14:32 | 000,084,443 | ---- | C] () -- C:\Users\Babuu\Logoneu.jpg [2013/06/28 22:09:25 | 000,084,447 | ---- | C] () -- C:\Users\Babuu\Logotest2.jpg [2013/06/28 21:52:01 | 000,083,585 | ---- | C] () -- C:\Users\Babuu\Logotest.jpg [2013/06/28 20:26:30 | 000,065,397 | ---- | C] () -- C:\Users\Babuu\ConnyMäpp.jpg [2013/06/28 11:13:16 | 000,199,999 | ---- | C] () -- C:\Users\Babuu\vichyrosa.jpg [2013/06/28 11:12:14 | 000,171,514 | ---- | C] () -- C:\Users\Babuu\vichygrün.jpg [2013/06/28 11:08:42 | 000,114,701 | ---- | C] () -- 
C:\Users\Babuu\nora.jpg [2013/06/28 11:07:37 | 000,205,756 | ---- | C] () -- C:\Users\Babuu\abverkauf2.jpg [2013/06/28 11:06:57 | 000,141,169 | ---- | C] () -- C:\Users\Babuu\abverkauf1.jpg [2013/06/28 10:18:38 | 000,007,884 | ---- | C] () -- C:\Users\Babuu\Ettikett.jpg [2013/06/25 08:01:16 | 000,071,123 | ---- | C] () -- C:\Users\Babuu\beate12 - Kopie.jpg [2013/06/24 19:54:00 | 000,044,801 | ---- | C] () -- C:\Users\Babuu\beate18.jpg [2013/06/24 19:53:27 | 000,072,080 | ---- | C] () -- C:\Users\Babuu\beate17.jpg [2013/06/24 19:52:25 | 000,043,673 | ---- | C] () -- C:\Users\Babuu\beate16.jpg [2013/06/24 19:52:01 | 000,042,072 | ---- | C] () -- C:\Users\Babuu\beate15.jpg [2013/06/24 19:49:29 | 000,054,377 | ---- | C] () -- C:\Users\Babuu\beate11.jpg [2013/06/24 19:49:04 | 000,059,752 | ---- | C] () -- C:\Users\Babuu\beate10.jpg [2013/06/24 19:48:41 | 000,057,615 | ---- | C] () -- C:\Users\Babuu\beate9.jpg [2013/06/24 19:48:02 | 000,077,634 | ---- | C] () -- C:\Users\Babuu\beate7.jpg [2013/06/24 19:47:36 | 000,580,096 | ---- | C] () -- C:\Users\Babuu\beate8.ufo [2013/06/24 19:47:10 | 000,444,928 | ---- | C] () -- C:\Users\Babuu\beate7.ufo [2013/06/24 19:43:26 | 000,053,734 | ---- | C] () -- C:\Users\Babuu\beate6.jpg [2013/06/24 19:42:49 | 000,040,110 | ---- | C] () -- C:\Users\Babuu\beate5.jpg [2013/06/24 19:41:58 | 000,064,346 | ---- | C] () -- C:\Users\Babuu\beate3.jpg [2013/06/24 19:41:26 | 000,067,290 | ---- | C] () -- C:\Users\Babuu\beate2.jpg [2013/06/24 19:40:33 | 000,101,795 | ---- | C] () -- C:\Users\Babuu\beate1.jpg [2013/06/20 17:02:33 | 000,066,783 | ---- | C] () -- C:\Users\Babuu\Penelope3.jpg [2013/06/20 17:02:17 | 000,068,466 | ---- | C] () -- C:\Users\Babuu\Penelope2.jpg [2013/06/20 17:01:44 | 000,071,484 | ---- | C] () -- C:\Users\Babuu\Penelope1.jpg [2013/06/18 22:33:57 | 000,037,123 | ---- | C] () -- C:\Users\Babuu\Bannerdawanda.jpg [2013/06/18 22:07:54 | 000,006,954 | ---- | C] () -- C:\Users\Babuu\fbava.jpg [2013/06/18 22:03:13 | 000,062,516 | 
---- | C] () -- C:\Users\Babuu\Bloglogo.jpg [2013/06/18 21:50:29 | 000,000,577 | ---- | C] () -- C:\Users\Babuu\Computer - Verknüpfung.lnk [2013/06/17 18:55:56 | 000,064,755 | ---- | C] () -- C:\Users\Babuu\klee.jpg [2013/06/17 18:24:48 | 000,044,427 | ---- | C] () -- C:\Users\Babuu\stoff2.jpg [2013/06/14 18:29:59 | 000,030,288 | ---- | C] () -- C:\Users\Babuu\Bannerfblooks.jpg [2013/06/14 16:51:03 | 000,085,463 | ---- | C] () -- C:\Users\Babuu\conny2.jpg [2013/06/13 00:03:16 | 000,083,926 | ---- | C] () -- C:\Users\Babuu\Fridat.jpg [2013/06/12 20:58:51 | 000,081,040 | ---- | C] () -- C:\Users\Babuu\frida2.jpg [2013/06/12 20:58:30 | 000,095,896 | ---- | C] () -- C:\Users\Babuu\frida1.jpg [2013/06/07 19:49:43 | 000,233,075 | ---- | C] () -- C:\Users\Babuu\selina.jpg [2013/05/10 14:45:54 | 000,156,758 | ---- | C] () -- C:\Users\Babuu\Kidsbanner.jpg [2013/05/06 19:33:59 | 000,206,886 | ---- | C] () -- C:\Users\Babuu\gurt.jpg [2013/04/24 20:56:02 | 000,242,966 | ---- | C] () -- C:\Users\Babuu\Koffer2.2.jpg [2013/04/24 20:55:50 | 000,232,610 | ---- | C] () -- C:\Users\Babuu\koffer2.1.jpg [2013/04/24 11:55:46 | 000,213,315 | ---- | C] () -- C:\Users\Babuu\deckel.jpg [2013/04/19 21:38:40 | 000,291,720 | ---- | C] () -- C:\Users\Babuu\Pferddigi.jpg [2013/04/18 10:21:08 | 000,000,005 | ---- | C] () -- C:\Users\Babuu\AppData\Roaming\mbam.context.scan [2013/03/28 19:42:36 | 000,005,262 | ---- | C] () -- C:\Users\Babuu\Sabinea.jpg [2013/03/27 09:52:36 | 000,018,679 | ---- | C] () -- C:\Users\Babuu\Sonne.jpg [2013/03/25 14:56:14 | 000,003,502 | ---- | C] () -- C:\Users\Babuu\böse.jpg [2013/03/20 18:30:31 | 000,018,221 | ---- | C] () -- C:\Users\Babuu\Maus.jpg [2013/03/02 20:49:17 | 000,044,691 | ---- | C] () -- C:\Users\Babuu\Couch.jpg [2013/03/01 20:27:06 | 000,044,063 | ---- | C] () -- C:\Users\Babuu\monsta.jpg [2013/02/28 21:39:05 | 000,013,264 | ---- | C] () -- C:\Users\Babuu\pferd2.jpg [2013/02/25 21:25:34 | 000,059,229 | ---- | C] () -- C:\Users\Babuu\Knuddies.jpg 
[2013/02/23 19:33:28 | 000,035,375 | ---- | C] () -- C:\Users\Babuu\Garderobe.jpg [2013/02/22 22:10:09 | 000,084,022 | ---- | C] () -- C:\Users\Babuu\Pferdklein.jpg [2013/02/22 20:40:12 | 000,068,227 | ---- | C] () -- C:\Users\Babuu\Pferd1.1.jpg [2013/02/22 18:48:45 | 000,085,259 | ---- | C] () -- C:\Users\Babuu\Pferd.jpg [2013/02/21 19:03:30 | 000,047,299 | ---- | C] () -- C:\Users\Babuu\Wurmtest.jpg [2013/02/19 20:07:15 | 000,031,123 | ---- | C] () -- C:\Users\Babuu\Tattoofarbe.jpg [2013/02/19 18:41:01 | 000,032,707 | ---- | C] () -- C:\Users\Babuu\Tattoonew.jpg [2013/02/17 23:08:50 | 000,003,898 | ---- | C] () -- C:\Users\Babuu\tattooneu.jpg [2013/02/17 23:01:48 | 000,007,594 | ---- | C] () -- C:\Users\Babuu\tattoo.jpg [2013/02/17 22:55:11 | 000,005,280 | ---- | C] () -- C:\Users\Babuu\testxy.jpg [2013/02/17 22:38:16 | 000,006,071 | ---- | C] () -- C:\Users\Babuu\test2.jpg [2013/02/17 22:37:39 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\test1.jpg [2013/02/17 22:36:52 | 000,005,200 | ---- | C] () -- C:\Users\Babuu\test5.jpg [2013/02/17 22:34:58 | 000,004,589 | ---- | C] () -- C:\Users\Babuu\test4.jpg [2013/02/17 22:34:25 | 000,004,252 | ---- | C] () -- C:\Users\Babuu\test3.jpg [2013/02/17 22:10:27 | 000,005,378 | ---- | C] () -- C:\Users\Babuu\tattooruth.jpg [2013/02/17 21:54:06 | 000,004,682 | ---- | C] () -- C:\Users\Babuu\Text2.jpg [2013/02/17 21:53:29 | 000,004,373 | ---- | C] () -- C:\Users\Babuu\Text1.jpg [2013/02/15 12:06:52 | 000,039,803 | ---- | C] () -- C:\Users\Babuu\Lio1.jpg [2013/02/15 12:06:37 | 000,044,313 | ---- | C] () -- C:\Users\Babuu\Lio2.jpg [2013/02/13 14:46:58 | 000,039,728 | ---- | C] () -- C:\Users\Babuu\me.jpg [2013/02/11 01:07:02 | 000,008,088 | ---- | C] () -- C:\Users\Babuu\ronja3.jpg [2013/02/11 00:42:05 | 000,034,373 | ---- | C] () -- C:\Users\Babuu\Ronja2.jpg [2013/02/10 23:07:03 | 000,029,985 | ---- | C] () -- C:\Users\Babuu\Ronja.jpg [2013/02/07 17:56:58 | 000,043,075 | ---- | C] () -- C:\Users\Babuu\Flur.jpg [2013/02/07 
08:26:44 | 000,037,464 | ---- | C] () -- C:\Users\Babuu\´Draculaura.jpg [2013/02/05 22:35:34 | 000,042,605 | ---- | C] () -- C:\Users\Babuu\Arbeitsplatz.jpg [2013/01/30 19:30:22 | 000,011,625 | ---- | C] () -- C:\Users\Babuu\MeNia.jpg [2013/01/29 23:16:10 | 000,027,999 | ---- | C] () -- C:\Users\Babuu\Pferdekopfskizze.jpg [2013/01/29 00:27:26 | 000,007,944 | ---- | C] () -- C:\Users\Babuu\etsybanner.jpg [2013/01/28 01:07:27 | 000,016,776 | ---- | C] () -- C:\Users\Babuu\fliepi.jpg [2013/01/25 17:15:15 | 000,060,307 | ---- | C] () -- C:\Users\Babuu\paket3.jpg [2013/01/25 17:15:03 | 000,072,011 | ---- | C] () -- C:\Users\Babuu\paket2.jpg [2013/01/25 17:14:49 | 000,063,554 | ---- | C] () -- C:\Users\Babuu\Paket1.jpg [2013/01/23 21:08:05 | 000,089,422 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1002.jpg [2013/01/23 20:57:38 | 000,089,187 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1001.jpg [2013/01/23 20:44:58 | 000,112,461 | ---- | C] () -- C:\Users\Babuu\hintergrundtest1000.jpg [2013/01/23 20:02:16 | 000,178,980 | ---- | C] () -- C:\Users\Babuu\Hintergrundblog.jpg [2013/01/23 19:58:20 | 000,005,120 | ---- | C] () -- C:\Users\Babuu\~Hintergrund.UAS [2013/01/23 19:54:36 | 000,174,208 | ---- | C] () -- C:\Users\Babuu\Hintergrund.jpg [2013/01/23 19:48:20 | 000,173,568 | ---- | C] () -- C:\Users\Babuu\~Blog2.UAS [2013/01/23 19:38:15 | 000,076,376 | ---- | C] () -- C:\Users\Babuu\Blog2.jpg [2013/01/23 19:32:10 | 000,077,549 | ---- | C] () -- C:\Users\Babuu\Blog.jpg [2013/01/23 19:32:02 | 000,172,544 | ---- | C] () -- C:\Users\Babuu\Blog.ufo [2013/01/23 19:06:26 | 000,042,102 | ---- | C] () -- C:\Users\Babuu\fbbanner2.jpg [2013/01/23 18:57:59 | 000,054,353 | ---- | C] () -- C:\Users\Babuu\fbbanner.jpg [2013/01/23 18:49:13 | 000,047,399 | ---- | C] () -- C:\Users\Babuu\Profilbildfb.jpg [2013/01/23 18:40:34 | 000,033,702 | ---- | C] () -- C:\Users\Babuu\Profilbild.jpg [2013/01/23 18:28:32 | 000,058,234 | ---- | C] () -- C:\Users\Babuu\Dawandabanner.jpg [2013/01/23 
17:51:32 | 000,058,445 | ---- | C] () -- C:\Users\Babuu\logodawanda2.jpg [2013/01/23 17:45:29 | 000,043,979 | ---- | C] () -- C:\Users\Babuu\logodawanda.jpg [2013/01/23 17:30:59 | 000,044,426 | ---- | C] () -- C:\Users\Babuu\Logo.jpg [2013/01/06 15:43:26 | 000,267,528 | ---- | C] () -- C:\Users\Babuu\Maya.jpg [2013/01/05 20:17:09 | 000,054,188 | ---- | C] () -- C:\Users\Babuu\Stoff.jpg [2013/01/04 17:07:18 | 000,062,603 | ---- | C] () -- C:\Users\Babuu\Tashi.jpg [2013/01/01 00:28:33 | 000,173,468 | ---- | C] () -- C:\Users\Babuu\silvester10.jpg [2013/01/01 00:28:14 | 000,145,249 | ---- | C] () -- C:\Users\Babuu\silvester9.jpg [2013/01/01 00:27:50 | 000,168,779 | ---- | C] () -- C:\Users\Babuu\silvester8.jpg [2013/01/01 00:27:32 | 000,226,602 | ---- | C] () -- C:\Users\Babuu\silvester7.jpg [2013/01/01 00:26:36 | 000,194,938 | ---- | C] () -- C:\Users\Babuu\silvester6.jpg [2013/01/01 00:25:27 | 000,214,917 | ---- | C] () -- C:\Users\Babuu\silvester5.jpg [2013/01/01 00:24:25 | 000,199,580 | ---- | C] () -- C:\Users\Babuu\silvester4.jpg [2013/01/01 00:23:29 | 000,191,261 | ---- | C] () -- C:\Users\Babuu\silvester3.jpg [2013/01/01 00:22:50 | 000,218,576 | ---- | C] () -- C:\Users\Babuu\Silvester2.jpg [2013/01/01 00:22:00 | 000,208,397 | ---- | C] () -- C:\Users\Babuu\Silvester1.jpg [2012/12/31 23:52:35 | 000,112,808 | ---- | C] () -- C:\Users\Babuu\Neujahr.jpg [2012/12/30 20:57:17 | 000,258,110 | ---- | C] () -- C:\Users\Babuu\sesselbezug2.jpg [2012/12/30 20:11:12 | 000,232,091 | ---- | C] () -- C:\Users\Babuu\Sesselbezug.jpg [2012/12/30 17:58:23 | 000,214,516 | ---- | C] () -- C:\Users\Babuu\aufräumen3.jpg [2012/12/30 17:58:10 | 000,154,067 | ---- | C] () -- C:\Users\Babuu\aufräumen2.jpg [2012/12/30 17:57:53 | 000,199,038 | ---- | C] () -- C:\Users\Babuu\aufräumen1.jpg [2012/12/30 16:44:11 | 000,190,994 | ---- | C] () -- C:\Users\Babuu\nähchaos3.jpg [2012/12/30 16:43:22 | 000,179,817 | ---- | C] () -- C:\Users\Babuu\Nähchaos2.jpg [2012/12/30 16:41:29 | 000,206,625 | 
---- | C] () -- C:\Users\Babuu\Nähchaos1.jpg [2012/12/26 17:30:23 | 000,152,190 | ---- | C] () -- C:\Users\Babuu\Zum Geburtstag.jpg [2012/12/26 16:59:57 | 001,093,120 | ---- | C] () -- C:\Users\Babuu\Rose.ufo [2012/12/16 18:00:48 | 000,055,368 | ---- | C] () -- C:\Users\Babuu\LiloNala4.jpg [2012/12/16 18:00:22 | 000,048,546 | ---- | C] () -- C:\Users\Babuu\LiloNala3.jpg [2012/12/16 17:59:39 | 000,059,956 | ---- | C] () -- C:\Users\Babuu\LiloNala2.jpg [2012/12/16 17:58:43 | 000,042,003 | ---- | C] () -- C:\Users\Babuu\LiloNala1.jpg [2012/12/15 11:14:58 | 000,016,834 | ---- | C] () -- C:\Users\Babuu\SkizzeMaria.jpg [2012/12/14 15:51:10 | 000,062,069 | ---- | C] () -- C:\Users\Babuu\Pickelchen.jpg [2012/12/06 21:30:08 | 000,086,355 | ---- | C] () -- C:\Users\Babuu\Michaela.jpg [2012/11/22 21:08:36 | 000,099,271 | ---- | C] () -- C:\Users\Babuu\Arbeitszimmer.jpg [2012/11/20 15:10:47 | 000,000,120 | ---- | C] () -- C:\Windows\WINRESAZ.INI [2012/11/20 14:49:17 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI [2012/11/19 17:09:08 | 000,019,684 | ---- | C] () -- C:\Users\Babuu\AppData\Local\internal.grp [2012/11/19 17:07:02 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012/11/18 15:14:10 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2012/05/22 15:53:46 | 000,007,680 | ---- | C] () -- C:\Users\Babuu\ElsterEinkommenssteuer2011.elfo [2012/05/22 15:31:12 | 000,007,010 | ---- | C] () -- C:\Users\Babuu\ElsterEÜR2011.elfo [2012/03/07 15:02:11 | 000,000,071 | ---- | C] () -- C:\Windows\pex.INI [2012/03/07 09:44:29 | 000,004,918 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012/02/19 20:55:29 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012/02/11 04:36:10 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011 [2012/02/11 04:28:38 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Thank you very much!!! |