Log analysis and evaluation: PC scrolls down automatically (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.08.2013, 19:09 | #1 |
PC scrolls down automatically

Hello Trojaner-Board team,

my Windows scrolls down automatically. I did look through the forum, and quite a few people have already had this problem, but which approach to use is apparently individual, so I have attached the OTL files right away. I also scanned for viruses and checked with the firewall; nothing noteworthy, except that the PC-Welt Suite and PC-Welt Tune-Up, both of which I had only installed and not yet used, were detected as harmful.

OTL.exe:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 18.08.2013 19:45:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Eigene Dateien Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,25% Memory free 5,99 Gb Paging File | 3,53 Gb Available in Paging File | 58,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 423,60 Gb Total Space | 386,57 Gb Free Space | 91,26% Space Free | Partition Type: NTFS Drive D: | 507,81 Gb Total Space | 474,12 Gb Free Space | 93,36% Space Free | Partition Type: NTFS Drive F: | 144,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1863,01 Gb Total Space | 1396,38 Gb Free Space | 74,95% Space Free | Partition Type: NTFS Computer Name: TOM-HOME-PC | User Name: Tom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Eigene Dateien\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Gigabyte\SmartRecovery2_x86\RPMDaemon.exe (Gigabyte Technology CO.) PRC - C:\Programme\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.) PRC - C:\Programme\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Splashtop\Splashtop Remote\Server\SRSOOBE.exe (Splashtop Inc.) PRC - C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) PRC - C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Windows\jwpen.exe () PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe () PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA) PRC - C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\0c72b4e5c1de77634ec157943074cea4\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d5cfc19d54290dc150dedcc6a58cf6ba\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f3a0f58fe7c369ad8f3cf7caf9dfe530\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\2a3197ccfb2048adddde6b0db5a0d265\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f53bcd4c15b40418ee9ddc9eb6c09ea1\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c9894395c04b955cabd43af3a5f62191\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7e03172b9abac125616e59e7452ca94b\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\318853f2879d42c73c71220967dee475\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1a5b3023141843aaaf176b8e63bf78e5\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6fa468188705932387c89c28c77e3367\System.Xaml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0bcfa477c2670c4343ffdf576810d81d\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\bff5f538eab1eb8a5c42e9867715de33\System.ni.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\2f9397ea05512f313f5f21c9d7bc20a3\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\GBHO\1.0.0.0__709f1911357dc329\GBHO.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll () MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (SplashtopRemoteService) -- C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SSUService) -- C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (ICCS) -- C:\Programme\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation) SRV - (Canon Driver Information Assist Service) -- C:\Programme\Canon\DIAS\CnxDIAS.exe (CANON INC.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe () SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (HWSuperPowerTablet) -- C:\Windows\jwpen.exe () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\essvr.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.) 
========== Driver Services (SafeList) ========== DRV - (PciSPorts) -- system32\DRIVERS\PciSPorts.sys File not found DRV - (PciPPorts) -- system32\DRIVERS\PciPPorts.sys File not found DRV - (amdiox86) -- system32\DRIVERS\amdiox86.sys File not found DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys () DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AODDriver) -- C:\Programme\Gigabyte\ET6\i386\AODDriver.sys (Advanced Micro Devices) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys () DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.) 
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys () DRV - (RTVLANPT) -- C:\Windows\System32\drivers\RtVlan620.sys (Realtek Corporation) DRV - (TEAM) -- C:\Windows\System32\drivers\RtTeam60.sys (Realtek Corporation) DRV - (RTTEAMPT) -- C:\Windows\System32\drivers\RtTeam60.sys (Realtek Corporation) DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Realtek ) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (NmPar) -- C:\Windows\System32\drivers\NmPar.sys (Windows (R) Codename Longhorn DDK provider) DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation) DRV - (VHWDrawing) -- C:\Windows\System32\drivers\HWDrawing.sys (Windows (R) Codename Longhorn DDK provider) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc) DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031 IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes,DefaultScope = {8DFC250F-A969-4610-9432-E073A61436CC} IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\SearchScopes\{8DFC250F-A969-4610-9432-E073A61436CC}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793 IE - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1 FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5 FF - prefs.js..extensions.enabledAddons: 
%7Bef62e1ce-d2a4-4cdd-b7ec-92b120366b66%7D:2.7.8 FF - prefs.js..extensions.enabledAddons: groovesharkProxy%40DannieDarko:1.3.2 FF - prefs.js..extensions.enabledAddons: SciLorsGrooveUnlocker%40scilor.com:0.3.3 FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.9.3 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..network.proxy.ftp: "91.121.84.128" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "91.121.84.128" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "91.121.84.128" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "91.121.84.128" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.07.10 20:10:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.15 10:05:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.15 10:05:51 | 000,000,000 | ---D | M] [2013.07.10 12:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions [2013.08.15 15:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions [2013.07.12 16:54:06 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2013.07.12 16:53:59 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.07.10 20:10:18 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\ffxtlbr@zonealarm.com [2013.07.10 12:32:29 | 000,000,000 | ---D | M] (Grooveshark Proxy) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\groovesharkProxy@DannieDarko [2013.08.15 15:33:12 | 
000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\611hehdm.default\extensions\ich@maltegoetz.de [2013.07.12 18:16:24 | 000,317,252 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\artur.dubovoy@gmail.com.xpi [2013.08.15 15:33:12 | 000,050,777 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\groovesharkUnlocker@overlord1337.xpi [2013.07.10 12:33:25 | 000,129,384 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2013.02.09 10:14:26 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\stealthyextension@gmail.com.xpi [2012.02.17 18:51:06 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\youtube2mp3@mondayx.de.xpi [2011.10.16 01:23:18 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2012.12.27 20:34:34 | 000,010,506 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\gmx-suche.xml [2012.12.27 20:34:34 | 000,005,489 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\webde-suche.xml [2013.07.10 19:58:13 | 000,001,498 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\611hehdm.default\searchplugins\zonealarm.xml [2013.08.18 15:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.08.18 15:41:40 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: 
([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Programme\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-2076123036-2307069962-1632283144-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKLM..\RunOnce: [RPMKickstart] C:\Programme\Gigabyte\SmartRecovery2_x86\RPMKickstart.exe (Gigabyte Technology CO., LTD.) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' 
menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{116B09DE-7451-41F3-BEF3-74FC61EFD1C5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.09.25 22:00:00 | 000,000,064 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{6dee1b91-e81e-11e2-966a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6dee1b91-e81e-11e2-966a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2009.10.09 13:42:10 | 000,103,816 | R--- | M] (CANON INC.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.18 18:11:48 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\AVG2013 [2013.08.18 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\TuneUp Software [2013.08.18 18:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.08.18 18:09:52 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.08.18 18:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013.08.18 18:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2013.08.18 18:07:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\MFAData [2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.08.18 18:07:49 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Avg2013 [2013.08.18 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.08.15 
17:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.08.15 17:02:49 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.08.15 17:02:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.08.15 17:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.08.15 17:02:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.08.15 17:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.08.15 17:02:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.08.15 17:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.08.15 17:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.08.15 17:02:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.08.15 12:23:03 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\jZip [2013.08.15 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\jZip [2013.08.15 12:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor [2013.08.15 10:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.08.15 09:27:47 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.08.15 09:27:47 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.08.15 09:27:44 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.08.15 09:27:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013.07.20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avglogx.sys [2013.07.20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys [2013.07.20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys [2013.07.20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys ========== Files - Modified Within 30 Days ========== [2013.08.18 19:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.08.18 19:31:35 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.18 19:31:35 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.18 19:27:45 | 000,001,136 | ---- | M] () -- C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk [2013.08.18 19:24:52 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2013.08.18 19:24:39 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job [2013.08.18 19:24:33 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013.08.18 19:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.18 19:24:12 | 2413,748,224 | -HS- | M] () -- C:\hiberfil.sys [2013.08.18 19:20:13 | 000,698,688 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.08.18 19:20:13 | 000,653,526 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.08.18 19:20:13 | 000,148,828 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.08.18 19:20:13 | 000,121,398 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.08.18 18:10:55 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.08.15 15:36:20 | 335,308,934 | ---- | M] () -- C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv [2013.08.15 
12:25:53 | 000,000,943 | ---- | M] () -- C:\Users\Tom\Desktop\jZip.lnk [2013.07.26 05:13:37 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.07.26 05:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.07.26 05:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.07.26 05:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.07.26 05:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.07.26 05:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.07.26 05:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.07.26 05:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.07.26 04:49:14 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.07.26 03:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.07.20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys [2013.07.20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys [2013.07.20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys [2013.07.20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys ========== Files Created - No Company Name ========== [2013.08.18 19:27:45 | 000,001,136 | ---- | C] () -- C:\Users\Tom\Desktop\Continue Open It! 
- Zip Extractor Installation.lnk [2013.08.18 18:10:55 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.08.15 15:35:08 | 335,308,934 | ---- | C] () -- C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv [2013.08.15 12:25:53 | 000,000,973 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk [2013.08.15 12:25:53 | 000,000,943 | ---- | C] () -- C:\Users\Tom\Desktop\jZip.lnk [2013.07.17 17:43:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\HWPenOE.dll [2013.07.17 17:35:56 | 000,212,696 | ---- | C] () -- C:\Windows\System32\HWMouseSet.exe [2013.07.17 17:35:56 | 000,077,016 | ---- | C] () -- C:\Windows\jwpen.exe [2013.07.17 17:35:56 | 000,061,144 | ---- | C] () -- C:\Windows\System32\jwusbchk.dll [2013.07.17 17:35:56 | 000,017,624 | ---- | C] () -- C:\Windows\DevInst.exe [2013.07.17 17:35:56 | 000,015,064 | ---- | C] () -- C:\Windows\HWDevInst.exe [2013.07.17 16:52:50 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2013.07.12 17:50:43 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys [2013.07.11 09:59:46 | 000,000,439 | ---- | C] () -- C:\Windows\System32\CNCMFP42.INI [2013.07.09 23:08:23 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2013.07.09 23:03:46 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2013.07.09 23:03:46 | 000,019,056 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2013.07.09 22:57:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.07.09 01:26:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.07.09 01:23:55 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2013.07.09 01:23:55 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2013.07.09 01:23:55 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2013.03.29 04:13:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2013.03.29 04:13:14 
| 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe [2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe [2013.03.12 07:38:22 | 000,695,006 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2013.03.04 20:52:52 | 000,230,836 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2013.02.01 02:14:10 | 000,075,600 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.11.22 17:14:26 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.08.18 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013 [2013.07.11 11:11:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Canon [2013.07.10 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\CheckPoint [2013.07.17 16:55:59 | 000,000,000 | ---D | M] -- 
C:\Users\Tom\AppData\Roaming\MAGIX [2013.07.09 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Splashtop Remote Client [2013.07.12 16:38:19 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Thunderbird [2013.08.18 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.08.2013 19:45:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Eigene Dateien Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 41,25% Memory free 5,99 Gb Paging File | 3,53 Gb Available in Paging File | 58,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 423,60 Gb Total Space | 386,57 Gb Free Space | 91,26% Space Free | Partition Type: NTFS Drive D: | 507,81 Gb Total Space | 474,12 Gb Free Space | 93,36% Space Free | Partition Type: NTFS Drive F: | 144,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1863,01 Gb Total Space | 1396,38 Gb Free Space | 74,95% Space Free | Partition Type: NTFS Computer Name: TOM-HOME-PC | User Name: Tom | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) 
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{015F1334-A022-43CA-B714-7D4EDA11A6E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{01F653B8-9F39-4178-8F27-E00F5B7A87FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{128E7F9A-0D7E-46D5-BA5F-3F395F346C01}" = lport=138 | protocol=17 | dir=in | app=system | "{16307A6C-29C6-4DE6-A2F8-99E446C9A449}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3612A0FD-3D0A-4889-B6CD-D6EAA763BFDF}" = rport=1900 | protocol=17 | dir=out 
| svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{41FD6D21-023C-4F31-A0B0-E0D7A1BA2333}" = rport=138 | protocol=17 | dir=out | app=system | "{469C079B-9E97-43A3-876A-BC7F2A0E0430}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E92999D-038B-45E1-B835-2AE760AB378D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5B0799E0-30CF-48D6-9972-F2228BCE71F5}" = lport=139 | protocol=6 | dir=in | app=system | "{5B32D88D-55E6-4A93-88FE-CFE1573EAB2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B725A1B-ACB2-4E88-AA0B-63D38B320A81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{75A76EA5-4D90-4AD3-A313-DAA9958846DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9EF42413-CEDB-46AE-8AD6-C261567E14F3}" = rport=139 | protocol=6 | dir=out | app=system | "{A67DB801-7253-49C2-B688-0E5A8EB0EA7E}" = rport=137 | protocol=17 | dir=out | app=system | "{B06CF49D-FC41-4389-95AD-2E7B235B3232}" = lport=10243 | protocol=6 | dir=in | app=system | "{B510A399-4D10-4BA6-95D2-18BE053FB52C}" = rport=445 | protocol=6 | dir=out | app=system | "{B61398C5-88DE-4553-BCF7-4DA4CA5B5A44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BFD716E7-9ED0-4313-8A99-41B52C2B6852}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C70737E8-BFBC-4A6E-950F-9CB10F4CE4E4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CC59AFDF-F384-415A-85F9-8C6A4F2213C1}" = lport=2869 | protocol=6 | dir=in | app=system | "{D3C92DB5-20AC-4571-9AB9-61A88908779D}" = rport=10243 | protocol=6 | dir=out | app=system | "{DC520DF0-D0CA-4E1F-88F5-F8B0640F5A74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC8C1E41-9E94-491B-9D01-743C65CA6A41}" = lport=445 | protocol=6 | dir=in | app=system | "{E2B9ABF8-B17E-48FA-81B5-22356875F8CE}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01B6B920-C9AB-4DBD-85E4-87DFBD95FBCF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{0D4955EF-D8A7-426B-9545-D7ADA6DAA657}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{126265AF-AA66-4B8B-A973-32AD14E5C295}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{1310401D-B477-40CB-B877-7CCBDAEEC2A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1535A17E-2174-4E4B-91B2-6769DA823BF7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2BE42523-A719-49EA-9D43-05CE84525710}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{42057F0C-3B83-4C05-AC90-F04CD229D14D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{46CCE0DA-6EF1-4F96-AF82-F54537566F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{66BF9F3C-E152-414B-9F8C-B3CAB06DEC63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7021D21C-C6CA-4D38-BD05-32698B594403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{79016B9B-D7C6-42FF-8566-B5E17114DF1F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83D45EE7-B149-4C71-8EA1-552A7589463B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9181085C-35A5-4409-B737-C7AE71AAD33E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A7F59905-CE13-4B92-8919-42971A041F47}" = protocol=6 | dir=in | app=c:\program files\microsoft 
office\office14\onenote.exe | "{B3A3B7D5-D807-4C01-92F0-4BCC3DC85EE7}" = protocol=6 | dir=out | app=system | "{B40F8E3F-EE1B-4A91-85A8-CBF739878188}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B819F8B5-A41E-4EF6-BA0E-1F9BA7D2F7D8}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{BB113821-F211-4B8B-A50B-578BE95583EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB7C4074-FA94-45B8-BA6D-0EC1C238A871}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{C0586423-0669-4113-A73B-78EFF800327D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{C32BD6D5-79AD-44CB-99FE-B7AE80183555}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CAE0F387-F342-44B1-A79A-9BD986760B68}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{CE2E8AE0-DB96-4273-B0A4-94DD692D14F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5AB810D-74FA-4AFF-B631-22A9FA802F67}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DC3A9985-69FD-481B-BC4D-EBAB35787C9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DDCE3337-656E-4409-84CD-F8AE5AFF8ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E70E7034-3A0F-46B1-843B-E6399F4EECB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F65E5ED3-144E-4F7B-B882-535F59297D9D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{F775E047-DBFB-46F5-A74A-CF3D170C7B5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{F9F8701A-6DAB-4323-81B2-27DA8364C765}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "TCP Query User{2E98E2C3-8626-4593-BBC8-298DF0DF49D8}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | "TCP 
Query User{668D4031-2975-4A40-87A6-81182CE6840A}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | "TCP Query User{8A919811-42DF-431D-A94A-72D81AE163BE}C:\program files\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files\gigabyte\updmanager\runupd.exe | "UDP Query User{68781E72-AE45-4EB9-A448-AB34D6D220D4}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | "UDP Query User{744ADD6C-1834-46E7-B9C2-B15B957150EA}C:\program files\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\gbtupd.exe | "UDP Query User{82EAA738-4F08-46EC-A66F-EA082A74F367}C:\program files\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files\gigabyte\updmanager\runupd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Corel Painter 12 "_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 "_{761B6C00-A23A-4F17-9D23-CB7E48307314}" = Corel Graphics - Windows Shell Extension "{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM "{00DAA13A-EA2A-4142-AEB6-FFA6B124985D}" = HWTablet "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 "{075A7877-02CA-4B15-8534-1211712A8E79}" = ZoneAlarm Firewall "{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish "{15971B11-14DA-873C-1ACD-188603C38889}" = AMD Catalyst Install Manager "{169ADA4A-8079-4CD8-8E20-030B1A54E552}" = CorelDRAW Graphics Suite X6 - DE "{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit "{1BD9E24B-DB16-491C-8092-F158664BB9F6}" = ZoneAlarm Security "{1E964D62-3397-45B7-A9D2-F27C22D9D4BA}" = Painter 12 - Setup Files "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 9 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian "{2333E82C-E577-4982-B60F-80C74BA69A07}" = Corel Painter 12 - IPM "{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy "{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common "{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common "{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.0418.1 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools "{33ABEC18-41FB-4558-A245-BEED47897D0C}" = Painter 12 - FR "{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish "{36B01464-5050-4492-BAA3-46E62551EEAB}_is1" = PC-WELT-TuneUpSuite 1.0 "{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = AMD VISION Engine Control Center "{3CF3DEF4-ED15-4F7B-9320-C3E1081EA4DA}" = SlimDrivers "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView Ver.1.5 B12.0314.1 "{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese "{4461B49E-E20D-422B-A507-698446FE2AC8}" = Painter 12 - IT "{44FDF3F0-9DEF-46A6-A552-404BBF55451B}" = Painter 12 - Core "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1 "{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian "{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish "{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian "{4E90A19D-D345-2F69-4B71-2503B5C10FE7}" = AMD Fuel "{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish "{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files "{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek "{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav 
"{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese "{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013 "{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data "{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist "{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai "{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT "{73BD1CE5-F278-4540-B667-7F7D86488236}" = Hanvon Soft 3.0 "{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture "{761B6C00-A23A-4F17-9D23-CB7E48307314}" = Corel Graphics - Windows Shell Extension "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{776DC020-024F-4C19-AB2B-B526164136F8}" = Painter 12 - DE "{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters "{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA "{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6 "{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6 "{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85494707-8DE1-3F79-9B74-A619BA2188A4}" = AMD Media Foundation Decoders "{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional "{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86) "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft 
Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client "{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish "{9532F6E0-ED0A-41A4-87F9-49478E44E8C1}" = ZoneAlarm Antivirus "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EF200A3-1CAC-462E-990B-EC902279BAAA}" = Microsoft Visual Basic for Applications 7.1 (x86) German "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A5CB0BC7-9553-420D-A3CD-D3C59FB99872}" = Painter 12 - EN "{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch 
"{A7581B61-C9F9-4fea-B845-E7733C17EC19}" = Canon MF8000C Series "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{B0B6E3AF-093D-9B5C-040D-D3BBB90CE757}" = AMD Accelerated Video Transcoding "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B4B8D818-7027-1744-8A21-DD53509E041A}" = ccc-utility "{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer "{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian "{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech "{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw "{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013 "{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French "{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin "{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect "{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard "{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding "{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility "{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E36C13C4-C802-4A57-8B7C-3D9DF80F3E95}" = Smart Recovery 2 B12.0417.1 (x86) "{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish "{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B12.0531.01 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All 
"{F2776738-1A97-45F2-BE5A-DBBC66ACB9D4}" = Painter 12 - Painter "{F308B531-AB20-4A79-8F5E-83071FE5BE60}" = Q-Share Ver.1.2 "{FBAAC4C8-D5ED-4308-9FC6-84E44E392395}" = Painter 12 - Content "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2013 "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "DPP" = Canon Utilities Digital Photo Professional 3.8 "EOS Utility" = Canon Utilities EOS Utility "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 9 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0509.1 "InstallShield_{936BAF9D-CE07-467E-B5B0-F0BC5B5E6EDB}" = Splashtop Remote Client "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de) "Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Smart File Advisor_is1" = Smart File Advisor 1.1.1 "Splashtop Software Updater" = Splashtop Software Updater "WFTK" = Canon Utilities WFT Utility "ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall "ZoneAlarm 
Security Toolbar" = ZoneAlarm Security Toolbar "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2076123036-2307069962-1632283144-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "jZip" = jZip ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.07.2013 13:53:14 | Computer Name = Tom-Home-PC | Source = Software Protection Platform Service | ID = 8200 Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C008 Error - 17.07.2013 13:53:14 | Computer Name = Tom-Home-PC | Source = Software Protection Platform Service | ID = 1014 Description = Fehler beim Erwerb der Endbenutzerlizenz. hr=0xC004C008 SKU-ID=586bc076-c93d-429a-afe5-a69fbc644e88 Error - 18.07.2013 04:15:55 | Computer Name = Tom-Home-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x508 Startzeit der fehlerhaften Anwendung: 0x01ce838f04265e51 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 44390c38-ef82-11e2-b1cb-902b34a84031 Error - 18.07.2013 04:38:20 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden. Error - 18.07.2013 04:38:20 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden. 
Error - 18.07.2013 11:10:50 | Computer Name = Tom-Home-PC | Source = .NET Runtime | ID = 1026 Description = Error - 18.07.2013 11:10:50 | Computer Name = Tom-Home-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 16.1.0.843, Zeitstempel: 0x4fff8124 Name des fehlerhaften Moduls: Wintab32.dll, Version: 3.0.0.1, Zeitstempel: 0x4ae66b46 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00001189 ID des fehlerhaften Prozesses: 0x1488 Startzeit der fehlerhaften Anwendung: 0x01ce83c7c613de25 Pfad der fehlerhaften Anwendung: C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\Wintab32.dll Berichtskennung: 3b1463a5-efbc-11e2-a1fc-902b34a84031 Error - 18.07.2013 15:30:14 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden. Error - 18.07.2013 15:30:14 | Computer Name = Tom-Home-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden. Error - 15.08.2013 12:23:09 | Computer Name = Tom-Home-PC | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ System Events ] Error - 15.08.2013 06:11:50 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 15.08.2013 06:11:50 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 15.08.2013 06:11:51 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. 
Error - 15.08.2013 12:21:48 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet. Error - 18.08.2013 09:49:57 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.08.2013 09:49:58 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.08.2013 09:49:59 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.08.2013 09:49:59 | Computer Name = Tom-Home-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 18.08.2013 13:05:53 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 18.08.2013 13:23:03 | Computer Name = Tom-Home-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 < End of report >
If anything is still missing, I will of course gladly supply it. I hope you can help me; this is my business PC, and like this I cannot work or meet my deadlines. In my line of business this can ruin me... Kind regards, Tom |
18.08.2013, 20:37 | #2 |
/// the machine /// TB trainer | PC scrolls down automatically hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
19.08.2013, 08:10 | #3 |
| PC scrolls down automatically Hello Schrauber,
thank you very much for the quick reply :-) Here are the files: FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013 Ran by Tom (administrator) on 19-08-2013 09:03:32 Running from D:\Eigene Dateien Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe (CANON INC.) C:\Program Files\Canon\DIAS\CnxDIAS.exe () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE () C:\Windows\jwpen.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe () C:\Windows\Jwpen.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Splashtop Inc.) 
C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Splashtop Inc.) C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRSOOBE.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe (Gigabyte Technology CO.) C:\Program Files\Gigabyte\SmartRecovery2_x86\RPMDaemon.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (汉王科技股份有限公司) C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated) HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation) HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-08-30] (Check Point Software Technologies) HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-10-09] (Check Point Software Technologies LTD) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [4045432 2000-01-01] (VIA) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Smart File Advisor] - C:\Program Files\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net) HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM\...\RunOnce: [RPMKickstart] - C:\Program Files\Gigabyte\SmartRecovery2_x86\RPMKickstart.exe [1785856 2013-07-12] (Gigabyte Technology CO., LTD.) HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [221184 2005-02-17] (InstallShield Software Corporation) MountPoints2: {6dee1b91-e81e-11e2-966a-806e6f6e6963} - F:\SETUP.EXE Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hanvon Soft.lnk ShortcutTarget: Hanvon Soft.lnk -> C:\Program Files\Hanvon\HWSOFT\HWShell2U.exe (汉王科技股份有限公司) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031 SearchScopes: HKCU - DefaultScope {8DFC250F-A969-4610-9432-E073A61436CC} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793 SearchScopes: HKCU - {8DFC250F-A969-4610-9432-E073A61436CC} URL = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN118841381293619-1001&toolbarId=base&affiliateId=1001&Lan=de&utid=e4daa385000000000000902b34a84031&q={searchTerms}&r=793 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Zonealarm Helper Object - 
{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: GBHO.BHO - {c20391ee-b6fd-4a35-9f1b-2892dda5b107} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Toolbar: HKLM - Smart Recovery 2 - {a011d643-4a67-4934-a775-46139847d7f2} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKCU -No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU -ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default FF user.js: detected! 
=> C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\user.js FF NetworkProxy: "ftp", "188.134.20.63" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "188.134.20.63" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "188.134.20.63" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "188.134.20.63" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 1 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\searchplugins\zonealarm.xml FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Deutsches Wörterbuch - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\de-DE@dictionaries.addons.mozilla.org FF Extension: zonealarm.com - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\ffxtlbr@zonealarm.com FF Extension: Grooveshark Proxy - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\groovesharkProxy@DannieDarko FF Extension: ProxTube 
- Gesperrte YouTube Videos entsperren - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\ich@maltegoetz.de FF Extension: FoxLingo - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} FF Extension: artur.dubovoy - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\artur.dubovoy@gmail.com.xpi FF Extension: groovesharkUnlocker - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: SciLorsGrooveUnlocker - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi FF Extension: stealthyextension - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\stealthyextension@gmail.com.xpi FF Extension: youtube2mp3 - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\youtube2mp3@mondayx.de.xpi FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\611hehdm.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker ========================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) 
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [3715248 2011-03-18] (CANON INC.) R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] () R2 HWSuperPowerTablet; C:\Windows\jwpen.exe [77016 2010-02-05] () S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-08-30] (Check Point Software Technologies) S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [789856 2013-06-28] (Splashtop Inc.) R2 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [583968 2013-05-08] (Splashtop Inc.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2000-01-01] (VIA Technologies, Inc.) R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-10-09] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== S3 AODDriver; C:\Program Files\Gigabyte\ET6\i386\AODDriver.sys [49248 2013-07-12] (Advanced Micro Devices) R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] () R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.) 
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [51328 2000-01-01] (Etron Technology Inc) R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [71552 2000-01-01] (Etron Technology Inc) R3 gdrv; C:\Windows\gdrv.sys [17488 2013-08-19] (Windows (R) 2000 DDK provider) S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-07-09] () R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [133208 2012-01-09] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11352 2012-01-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [468272 2012-01-09] (Kaspersky Lab) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 mf; C:\Windows\System32\DRIVERS\mf.sys [114176 2009-07-14] (Microsoft Corporation) R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [81920 2010-07-09] (Windows (R) Codename Longhorn DDK provider) R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [33056 2011-06-15] (Realtek ) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2011-06-15] (Realtek Corporation) 
S3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-08-19] () S3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [40736 2011-06-15] (Realtek Corporation) R3 VHWDrawing; C:\Windows\System32\DRIVERS\HWDrawing.sys [6400 2007-03-26] (Windows (R) Codename Longhorn DDK provider) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1841272 2000-01-01] (VIA Technologies, Inc.) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD) S3 amdiox86; system32\DRIVERS\amdiox86.sys [x] S3 PciPPorts; system32\DRIVERS\PciPPorts.sys [x] S3 PciSPorts; system32\DRIVERS\PciSPorts.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-18 19:27 - 2013-08-18 19:27 - 00001136 _____ C:\Users\Tom\Desktop\Continue Open It! - Zip Extractor Installation.lnk 2013-08-18 19:07 - 2013-08-19 08:35 - 00000168 _____ C:\Windows\setupact.log 2013-08-18 18:11 - 2013-08-18 18:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\AVG2013 2013-08-18 18:10 - 2013-08-18 18:10 - 00000951 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-08-18 18:10 - 2013-08-18 18:10 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TuneUp Software 2013-08-18 18:09 - 2013-08-18 18:11 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ___HD C:\$AVG 2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\Program Files\AVG 2013-08-18 18:07 - 2013-08-19 08:40 - 00000000 ____D C:\ProgramData\MFAData 2013-08-18 18:07 - 2013-08-18 18:21 - 00000000 ____D C:\Users\Tom\AppData\Local\Avg2013 2013-08-18 18:07 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\MFAData 2013-08-18 15:41 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-15 17:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-08-15 17:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 17:02 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 17:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 17:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 17:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 17:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 17:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 17:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 15:35 - 2013-08-15 15:36 - 335308934 _____ C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv 2013-08-15 12:25 - 2013-08-15 12:25 - 00000973 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk 2013-08-15 12:25 - 2013-08-15 12:25 - 00000943 _____ 
C:\Users\Tom\Desktop\jZip.lnk 2013-08-15 12:23 - 2013-08-15 12:26 - 00000000 ____D C:\Users\Tom\AppData\Local\jZip 2013-08-15 12:21 - 2013-08-15 12:25 - 00000000 ____D C:\Program Files\jZip 2013-08-15 12:15 - 2013-08-15 12:15 - 00000000 ____D C:\Program Files\Smart File Advisor 2013-08-15 10:05 - 2013-08-15 18:28 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-15 09:27 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 09:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 09:27 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-15 09:27 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 09:27 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 09:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 09:27 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 09:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 09:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 09:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 09:27 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 09:27 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsdriverx.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys ==================== One Month Modified Files and Folders ======= 2013-08-19 09:03 - 2013-07-09 00:43 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-19 08:42 - 2009-07-14 06:34 - 00015968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-19 08:42 - 2009-07-14 06:34 - 00015968 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-19 08:40 - 2013-08-18 18:07 - 00000000 ____D C:\ProgramData\MFAData 2013-08-19 08:36 - 2013-07-10 12:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-19 08:36 - 2013-07-10 00:04 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys 2013-08-19 08:35 - 2013-08-18 19:07 - 00000168 _____ C:\Windows\setupact.log 2013-08-19 08:35 - 2013-07-12 17:50 - 00013464 _____ C:\Windows\system32\Drivers\SWDUMon.sys 2013-08-19 08:35 - 2013-07-12 17:50 - 00000382 _____ C:\Windows\Tasks\SlimDrivers Startup.job 2013-08-19 08:35 - 2013-07-09 22:59 - 00000144 _____ C:\service.log 2013-08-19 08:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-18 20:11 - 2013-07-09 00:36 - 02006697 _____ C:\Windows\WindowsUpdate.log 2013-08-18 19:27 - 2013-08-18 19:27 - 00001136 _____ C:\Users\Tom\Desktop\Continue Open It! 
- Zip Extractor Installation.lnk 2013-08-18 19:20 - 2013-07-09 01:14 - 00000000 ____D C:\Users\Tom\AppData\Local\VirtualStore 2013-08-18 19:07 - 2013-07-10 12:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-18 18:21 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\Avg2013 2013-08-18 18:11 - 2013-08-18 18:11 - 00000000 ____D C:\Users\Tom\AppData\Roaming\AVG2013 2013-08-18 18:11 - 2013-08-18 18:09 - 00000000 ____D C:\ProgramData\AVG2013 2013-08-18 18:10 - 2013-08-18 18:10 - 00000951 _____ C:\Users\Public\Desktop\AVG 2013.lnk 2013-08-18 18:10 - 2013-08-18 18:10 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TuneUp Software 2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ___HD C:\$AVG 2013-08-18 18:09 - 2013-08-18 18:09 - 00000000 ____D C:\Program Files\AVG 2013-08-18 18:07 - 2013-08-18 18:07 - 00000000 ____D C:\Users\Tom\AppData\Local\MFAData 2013-08-18 15:41 - 2013-08-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-15 18:28 - 2013-08-15 10:05 - 00000000 ____D C:\Program Files\Mozilla Thunderbird 2013-08-15 18:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-15 18:19 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-15 15:36 - 2013-08-15 15:35 - 335308934 _____ C:\Users\Tom\Documents\Thunderbird 17.0.7 (de) - 2013-08-15.pcv 2013-08-15 12:26 - 2013-08-15 12:23 - 00000000 ____D C:\Users\Tom\AppData\Local\jZip 2013-08-15 12:25 - 2013-08-15 12:25 - 00000973 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk 2013-08-15 12:25 - 2013-08-15 12:25 - 00000943 _____ C:\Users\Tom\Desktop\jZip.lnk 2013-08-15 12:25 - 2013-08-15 12:21 - 00000000 ____D C:\Program Files\jZip 2013-08-15 12:15 - 2013-08-15 12:15 - 00000000 ____D C:\Program Files\Smart File Advisor 2013-08-15 09:25 - 2013-07-12 16:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Thunderbird 2013-07-26 05:13 - 2013-08-15 17:02 - 01767936 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2013-07-26 05:13 - 2013-08-15 17:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 05:13 - 2013-08-15 17:02 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 05:12 - 2013-08-15 17:02 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 05:12 - 2013-08-15 17:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:11 - 2013-08-15 17:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 05:11 - 2013-08-15 17:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 04:49 - 2013-08-15 17:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 03:59 - 2013-08-15 17:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-25 10:57 - 2013-08-15 09:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-20 01:51 - 2013-07-20 01:51 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00208184 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgidsdriverx.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00171320 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00060216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 10:23 ==================== End Of Log ============================ Addition.txt:FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by Tom at 2013-08-19 09:04:06
Running from D:\Eigene Dateien
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

@BIOS (Version: 2.24)
7-Zip 9.20
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.3 (Version: 9.3.0)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2203)
AMD VISION Engine Control Center (Version: 2013.0328.2218.38225)
AutoGreen B12.0206.1 (Version: 1.00.0000)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MF8000C Series (Version: 3.9.0.0)
Canon MOV Decoder (Version: 1.5.0.7)
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities EOS Utility (Version: 2.8.1.0)
Canon Utilities Original Data Security Tools (Version: 1.8.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.7.0.0)
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225)
CCC Help Czech (Version: 2013.0328.2217.38225)
CCC Help Danish (Version: 2013.0328.2217.38225)
CCC Help Dutch (Version: 2013.0328.2217.38225)
CCC Help English (Version: 2013.0328.2217.38225)
CCC Help Finnish (Version: 2013.0328.2217.38225)
CCC Help French (Version: 2013.0328.2217.38225)
CCC Help German (Version: 2013.0328.2217.38225)
CCC Help Greek (Version: 2013.0328.2217.38225)
CCC Help Hungarian (Version: 2013.0328.2217.38225)
CCC Help Italian (Version: 2013.0328.2217.38225)
CCC Help Japanese (Version: 2013.0328.2217.38225)
CCC Help Korean (Version: 2013.0328.2217.38225)
CCC Help Norwegian (Version: 2013.0328.2217.38225)
CCC Help Polish (Version: 2013.0328.2217.38225)
CCC Help Portuguese (Version: 2013.0328.2217.38225)
CCC Help Russian (Version: 2013.0328.2217.38225)
CCC Help Spanish (Version: 2013.0328.2217.38225)
CCC Help Swedish (Version: 2013.0328.2217.38225)
CCC Help Thai (Version: 2013.0328.2217.38225)
CCC Help Turkish (Version: 2013.0328.2217.38225)
ccc-utility (Version: 2013.0328.2218.38225)
Corel Graphics - Windows Shell Extension (Version: 16.1.0.843)
Corel Graphics - Windows Shell Extension (Version: 16.1.843)
Corel Painter 12 - IPM (Version: 12.4)
Corel Painter 12 (Version: 12.2.1.1212)
CorelDRAW Graphics Suite X6 - Capture (Version: 16.1)
CorelDRAW Graphics Suite X6 - Common (Version: 16.1)
CorelDRAW Graphics Suite X6 - Connect (Version: 16.1)
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.1)
CorelDRAW Graphics Suite X6 - DE (Version: 16.1)
CorelDRAW Graphics Suite X6 - Draw (Version: 16.1)
CorelDRAW Graphics Suite X6 - Filters (Version: 16.1)
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.1)
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1)
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.1)
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.1)
CorelDRAW Graphics Suite X6 - Redist (Version: 16.1)
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.1)
CorelDRAW Graphics Suite X6 - VBA (Version: 16.1)
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.1)
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.1)
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.1)
CorelDRAW Graphics Suite X6 (Version: 16.1)
CorelDRAW Graphics Suite X6 (Version: 16.1.0.843)
CyberLink Media Suite 9 (Version: 9.0.2608)
CyberLink PowerDVD 9 (Version: 9.0.3518.02)
DMIView Ver.1.5 B12.0314.1 (Version: 1.5)
Easy Tune 6 B12.0509.1 (Version: 1.00.0000)
EasySaver B9.1214.1 (Version: 1.00.0000)
Etron USB3.0 Host Controller (Version: 0.115)
Face_Wizard B12.0531.01 (Version: 1.00.0000)
Hanvon Soft 3.0 (Version: 3.00.2100)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1)
HWTablet (Version: 3.00.0000)
IconHandler 32 bit (Version: 2.0)
jZip (HKCU Version: 2.0.0.133556)
MAGIX Web Designer 6 (Version: 6.0.1.12177)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00)
Microsoft Visual Basic for Applications 7.1 (x86) German (Version: 7.1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Painter 12 - Content (Version: 12.4)
Painter 12 - Core (Version: 12.4)
Painter 12 - DE (Version: 12.4)
Painter 12 - EN (Version: 12.4)
Painter 12 - FR (Version: 12.4)
Painter 12 - IT (Version: 12.4)
Painter 12 - Painter (Version: 12.4)
Painter 12 - Setup Files (Version: 12.4)
PC-WELT-TuneUpSuite 1.0
Platform (Version: 1.39)
Q-Share Ver.1.2 (Version: 1.2)
Realtek Ethernet Controller Driver (Version: 7.56.316.2012)
Realtek Ethernet Diagnostic Utility (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
SlimDrivers (Version: 2.2.30877)
Smart File Advisor 1.1.1 (Version: 1.1.1)
Smart Recovery 2 B12.0417.1 (x86) (Version: 1.00.0001)
Splashtop Remote Client (Version: 1.1.4.0)
Splashtop Software Updater (Version: 1.5.6.11)
Splashtop Streamer (Version: 2.4.0.1)
Update Manager B12.0418.1 (Version: 1.00.0000)
VIA Plattform-Geräte-Manager (Version: 1.39)
ZoneAlarm Antivirus (Version: 10.2.081.000)
ZoneAlarm Firewall (Version: 10.2.081.000)
ZoneAlarm Free Antivirus + Firewall (Version: 10.2.074.000)
ZoneAlarm Security (Version: 10.2.081.000)
ZoneAlarm Security Toolbar

==================== Restore Points =========================

17-07-2013 14:45:47 Installed Microsoft Office Professional Plus 2010
17-07-2013 15:08:48 DirectX wurde installiert
17-07-2013 15:09:54 DirectX wurde installiert
17-07-2013 15:10:51 DirectX wurde installiert
17-07-2013 15:11:48 DirectX wurde installiert
17-07-2013 15:12:45 DirectX wurde installiert
17-07-2013 15:13:43 DirectX wurde installiert
17-07-2013 15:35:33 Installiert HWTablet
17-07-2013 15:43:32 Installiert Hanvon Soft 3.0
17-07-2013 18:01:33 Vor Benutzer auf D verschieben!!!!!
18-07-2013 08:37:45 Windows Update
18-07-2013 19:29:40 Windows Update
15-08-2013 07:25:14 Windows Update
15-08-2013 15:01:57 Windows Update
18-08-2013 16:09:01 Installed AVG 2013
18-08-2013 16:09:30 Installed AVG 2013

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3A08743D-2386-4E4F-97C4-4A1A582675FD} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {67E40878-4FBB-4B84-BFFD-5293496B68A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-10] (Adobe Systems Incorporated)
Task: {E9E544BB-6C45-49C4-BAD9-D1950FE73371} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2013 07:44:32 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 169c
Startzeit: 01ce9c38dc310ca3
Endzeit: 13
Anwendungspfad: D:\Eigene Dateien\OTL.exe
Berichts-ID:

Error: (08/15/2013 06:23:09 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 05:10:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CorelDRW.exe, Version: 16.1.0.843, Zeitstempel: 0x4fff8124
Name des fehlerhaften Moduls: Wintab32.dll, Version: 3.0.0.1, Zeitstempel: 0x4ae66b46
Ausnahmecode: 0xc0000094
Fehleroffset: 0x00001189
ID des fehlerhaften Prozesses: 0x1488
Startzeit der fehlerhaften Anwendung: 0xCorelDRW.exe0
Pfad der fehlerhaften Anwendung: CorelDRW.exe1
Pfad des fehlerhaften Moduls: CorelDRW.exe2
Berichtskennung: CorelDRW.exe3

Error: (07/18/2013 05:10:50 PM) (Source: .NET Runtime) (User: )
Description: Application: CorelDRW.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 02F61189
Stack:

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager) (User: NT-AUTORITÄT)
Description: Die Anwendung oder der Dienst "TrueVector Internet Monitor" konnte nicht heruntergefahren werden.

Error: (07/18/2013 10:15:55 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x508
Startzeit der fehlerhaften Anwendung: 0xtaskhost.exe0
Pfad der fehlerhaften Anwendung: taskhost.exe1
Pfad des fehlerhaften Moduls: taskhost.exe2
Berichtskennung: taskhost.exe3

Error: (07/17/2013 07:53:14 PM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Erwerb der Endbenutzerlizenz.
hr=0xC004C008
SKU-ID=586bc076-c93d-429a-afe5-a69fbc644e88

System errors:
=============
Error: (08/18/2013 08:11:30 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (08/18/2013 07:23:03 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (08/18/2013 07:05:53 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error: (08/18/2013 03:49:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:59 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:58 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/18/2013 03:49:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (08/15/2013 06:21:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht richtig gestartet.

Error: (08/15/2013 00:11:51 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (08/15/2013 00:11:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Microsoft Office Sessions:
=========================
Error: (08/18/2013 07:44:32 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.0169c01ce9c38dc310ca313D:\Eigene Dateien\OTL.exe

Error: (08/15/2013 06:23:09 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor03026216114840

Error: (07/18/2013 09:30:14 PM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor0302621611484143003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730078006D006C0034002E0064006C006C000000

Error: (07/18/2013 05:10:50 PM) (Source: Application Error)(User: )
Description: CorelDRW.exe16.1.0.8434fff8124Wintab32.dll3.0.0.14ae66b46c000009400001189148801ce83c7c613de25C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exeC:\Windows\system32\Wintab32.dll3b1463a5-efbc-11e2-a1fc-902b34a84031

Error: (07/18/2013 05:10:50 PM) (Source: .NET Runtime)(User: )
Description: Application: CorelDRW.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 02F61189
Stack:

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor03026216114840

Error: (07/18/2013 10:38:20 AM) (Source: Microsoft-Windows-RestartManager)(User: NT-AUTORITÄT)
Description: 0vsmon.exeTrueVector Internet Monitor0302621611484143003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D00730078006D006C0034002E0064006C006C000000

Error: (07/18/2013 10:15:55 AM) (Source: Application Error)(User: )
Description: taskhost.exe6.1.7601.1801050aee407unknown0.0.0.000000000c00000050000000050801ce838f04265e51C:\Windows\system32\taskhost.exeunknown44390c38-ef82-11e2-b1cb-902b34a84031

Error: (07/17/2013 07:53:14 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004C008586bc076-c93d-429a-afe5-a69fbc644e88

CodeIntegrity Errors:
===================================
Date: 2013-08-19 08:57:23.646
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-18 19:58:36.240
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-18 19:44:45.640
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-18 15:00:12.230
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-16 10:40:05.920
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-15 17:01:13.433
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-15 16:36:09.214
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-15 16:29:51.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-18 17:00:02.295
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-07-18 10:27:53.922
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3069.24 MB
Available physical RAM: 1471.32 MB
Total Pagefile: 6136.77 MB
Available Pagefile: 3444.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:423.6 GB) (Free:386.15 GB) NTFS
Drive d: (09072013) (Fixed) (Total:507.81 GB) (Free:474.11 GB) NTFS
Drive f: (CanonEOS223W) (CDROM) (Total:0.14 GB) (Free:0 GB) CDFS
Drive g: (Sicherungen 06-07-13) (Fixed) (Total:1863.01 GB) (Free:1396.38 GB) NTFS
Drive h: (USB DISK) (Removable) (Total:14.91 GB) (Free:10.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F57A120D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=508 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7CF62292)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
19.08.2013, 11:55 | #4 | |
/// the machine /// TB instructor | PC scrolls down automatically Is this a company computer that has its own IT department? It's a laptop, right? Are you any good with your hands? Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.08.2013, 12:19 | #5 |
| PC scrolls down automatically No, I'm self-employed with no employees; I'm the only one who uses the PC (not a laptop). Hanvon is my graphics tablet from the Far East, but it has never acted up. |
19.08.2013, 16:43 | #6 | |
/// the machine /// TB instructor | PC scrolls down automatically Quote:
Can you disable the touchpad? If so, do that, connect an external mouse and test again. I think the touchpad or the keyboard has a defect, hence the question about your manual skills.
19.08.2013, 21:52 | #7 |
| PC scrolls down automatically Hello Schrauber, it looks like it's working again :-) :-) Many, many thanks :-) I uninstalled the graphics tablet and 2 other things that seemed very, very strange to me in this case. I had only set the PC (not a laptop) up from scratch 4 weeks ago and was on vacation in between, so I could no longer retrace exactly everything I had done before. I tried two different mice and finally plugged the mouse into a different port on the PC. What was also strange: when I clicked the link to this thread from Thunderbird, I was redirected to a Russian page, text only, no pictures or anything, just Cyrillic script, with a link on it that they presumably wanted you to click, which of course I did not do. Even when I tried to open a page in Firefox myself, I only ended up there. Internet Explorer worked normally, though. So in the end I didn't really do much, which is why I'm not yet 100% sure that everything really works. But I'm optimistic. I will now reinstall the graphics tablet and then see; the software is original, so that shouldn't be the cause, but maybe some drivers didn't get along... But why this Russian page was opened remains a mystery. The mouse stays plugged into the other USB port. If, contrary to expectations, something still comes up in this regard, may I get in touch again? Otherwise, thank you very much once again; I had really been going in circles and tried everything possible, but the graphics tablet didn't occur to me since, as I said, I never had problems in that respect, and I can't explain the Russian page either... Computers are strange creatures after all ;-) With that in mind, thank you very much once again... Kind regards, Tom |
20.08.2013, 12:36 | #8 |
/// the machine /// TB instructor | PC scrolls down automatically All right, if anything else comes up, just get in touch