| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner JS/Agent.480412 entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.11.2013, 13:36
| #1 |
 |  Trojaner JS/Agent.480412 entfernen Hallo liebes Trojaner-Board-Team, ich habe mir den Bundestrojaner JS/Agent.480412 eingefangen. Ich hatte den schon einmal, da sah er aber ein bisschen anders aus. Bin jetzt im abgesicherten Modus mit Netzwerktreibern und habe die ersten Schritte (Avira Check und OTL-Download und OTL-Scan (mit Minimalausgabe und Use-safe-list) bereits durchgeführt. Hier das Avira-Log-file: _____________________________________________________________________________ Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 12. November 2013 14:29 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Abgesicherter Modus Benutzername : Inga Computername : DEEPTHOUGHTNG Versionsinformationen: BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00 AVSCAN.EXE : 13.6.0.1262 636984 Bytes 08.05.2013 05:21:32 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15 LUKE.DLL : 13.6.0.1262 65080 Bytes 08.05.2013 05:28:01 AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 08.05.2013 05:21:32 AVREG.DLL : 13.6.0.1262 247864 Bytes 08.05.2013 05:21:27 avlode.dll : 13.6.2.1262 432184 Bytes 08.05.2013 05:21:26 avlode.rdf : 13.0.1.12 25921 Bytes 16.05.2013 09:01:35 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 14:48:37 VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 20:18:24 VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:54:25 VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 18:54:25 VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 18:54:26 VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 18:54:26 VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 18:54:26 VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 18:54:26 VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 18:54:26 VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 18:54:26 VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 18:54:26 VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 18:54:26 VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 18:54:26 VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 18:54:26 VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 22:31:57 VBASE015.VDF : 7.11.81.137 130048 Bytes 30.05.2013 05:15:26 VBASE016.VDF : 7.11.81.255 207360 Bytes 31.05.2013 16:19:04 VBASE017.VDF : 7.11.82.91 156160 Bytes 03.06.2013 19:53:56 VBASE018.VDF : 7.11.82.169 220160 Bytes 04.06.2013 19:48:43 VBASE019.VDF : 7.11.83.27 325632 Bytes 06.06.2013 21:31:31 VBASE020.VDF : 7.11.83.121 320512 Bytes 07.06.2013 08:09:03 VBASE021.VDF : 7.11.83.210 244736 Bytes 10.06.2013 11:14:27 VBASE022.VDF : 7.11.84.59 333824 Bytes 12.06.2013 16:41:44 VBASE023.VDF : 7.11.84.163 264192 Bytes 14.06.2013 20:41:29 VBASE024.VDF : 7.11.84.233 203264 Bytes 16.06.2013 06:32:20 VBASE025.VDF : 7.11.85.43 265216 Bytes 18.06.2013 13:21:51 VBASE026.VDF : 7.11.85.44 2048 Bytes 18.06.2013 13:21:51 VBASE027.VDF : 7.11.85.45 2048 Bytes 18.06.2013 13:21:51 VBASE028.VDF : 7.11.85.46 2048 Bytes 18.06.2013 13:21:51 VBASE029.VDF : 7.11.85.47 2048 Bytes 18.06.2013 13:21:51 VBASE030.VDF : 7.11.85.48 2048 Bytes 18.06.2013 13:21:51 VBASE031.VDF : 7.11.85.110 217600 Bytes 19.06.2013 07:21:56 Engineversion : 8.2.12.64 AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 19:42:39 AESCRIPT.DLL : 8.1.4.122 487806 Bytes 13.06.2013 19:42:38 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 20:45:22 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 19:42:37 AEPACK.DLL : 8.3.2.20 749945 Bytes 18.06.2013 13:21:54 AEOFFICE.DLL : 8.1.2.60 205181 Bytes 18.06.2013 13:21:52 AEHEUR.DLL : 8.1.4.412 5955962 Bytes 13.06.2013 19:42:36 AEHELP.DLL : 8.1.27.2 266617 Bytes 04.06.2013 19:48:45 AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 12:04:01 AEEXP.DLL : 8.4.0.34 201079 Bytes 04.06.2013 19:49:00 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.31.2 201080 Bytes 20.02.2013 14:31:15 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 13:11:15 AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 13:11:24 AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 14:58:17 AVARKT.DLL : 13.6.0.1262 258104 Bytes 08.05.2013 05:20:15 AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 08.05.2013 05:21:22 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 13:11:27 NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 13:12:00 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40 RCTEXT.DLL : 13.6.0.976 69344 Bytes 31.03.2013 01:39:26 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Dienstag, 12. November 2013 14:29 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Treiber konnte nicht initialisiert werden. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '161' Modul(e) wurden durchsucht Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1499' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\ProgramData\of1jot.js [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412 Beginne mit der Suche in 'D:\' <RECOVERY> Beginne mit der Desinfektion: C:\ProgramData\of1jot.js [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Agent.480412 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5559e5b9.qua' verschoben! Ende des Suchlaufs: Dienstag, 12. November 2013 16:29 Benötigte Zeit: 1:50:54 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 42367 Verzeichnisse wurden überprüft 1738320 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1738319 Dateien ohne Befall 9631 Archive wurden durchsucht 0 Warnungen 1 Hinweise _____________________________________________________________________________ Und hier die OTL-Logfiles: _____________________________________________________________________________ OTL logfile created on: 13.11.2013 13:02:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inga\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,38% Memory free 3,49 Gb Paging File | 2,92 Gb Available in Paging File | 83,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 215,74 Gb Total Space | 136,41 Gb Free Space | 63,23% Space Free | Partition Type: NTFS Drive D: | 16,85 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: DEEPTHOUGHTNG | User Name: Inga | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Inga\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (wDokanMounter) -- C:\Program Files (x86)\Wuala Dokan\mounter.exe () SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (RtVOsdService) -- C:\Programme\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (wDokan) -- C:\Windows\SysNative\drivers\wdokan.sys () DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337} IE:64bit: - HKLM\..\SearchScopes\{6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{960C9478-3571-4EEE-9212-D95F8CC68355}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{BFDA9B07-3925-477E-8537-A683FFB06194}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337} IE - HKLM\..\SearchScopes\{6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{960C9478-3571-4EEE-9212-D95F8CC68355}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{BFDA9B07-3925-477E-8537-A683FFB06194}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp IE - HKCU\..\SearchScopes,DefaultScope = {6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337} IE - HKCU\..\SearchScopes\{4098AABB-8DB8-4B55-997C-64E5C357F22C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=e74db55a-a74f-477f-896d-e2796e8448aa&apn_sauid=4A92B6EA-D216-4B57-9A4B-DFACAC6CF558 IE - HKCU\..\SearchScopes\{6CF4DE86-ECC7-4B61-92E5-5B53A6CEC337}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{960C9478-3571-4EEE-9212-D95F8CC68355}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{BFDA9B07-3925-477E-8537-A683FFB06194}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: azhang%40cloudacl.com:0.19.6.9 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.126 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=e74db55a-a74f-477f-896d-e2796e8448aa&apn_ptnrs=%5EAGS&apn_sauid=4A92B6EA-D216-4B57-9A4B-DFACAC6CF558&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.09.11 14:38:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.11.12 16:38:55 | 000,000,000 | ---D | M] [2011.01.07 19:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\Extensions [2013.05.09 00:34:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\Firefox\Profiles\j5n7p5yy.default\extensions [2012.10.04 08:19:48 | 000,282,512 | ---- | M] () (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\firefox\profiles\j5n7p5yy.default\extensions\azhang@cloudacl.com.xpi [2013.05.09 00:34:57 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Inga\AppData\Roaming\mozilla\firefox\profiles\j5n7p5yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.18 22:28:25 | 000,002,413 | ---- | M] () -- C:\Users\Inga\AppData\Roaming\mozilla\firefox\profiles\j5n7p5yy.default\searchplugins\askcom.xml [2013.05.23 22:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.23 22:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013.05.23 22:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 22:28:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.09.11 14:38:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>  -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: Avira Toolbar = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ CHR - Extension: Angry Birds = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.04.13 18:45:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\ProgramData\toj1fo.dat (Корпорация Майкрософт) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF565787-AFA9-4E52-86E9-4BDA5FE2B8ED}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEB8EAC9-FEEE-41BD-8735-FE65E71DF980}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\of1jot.bat) - C:\ProgramData\of1jot.bat () O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.11.13 13:00:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Inga\Desktop\OTL.exe [2013.11.12 14:19:54 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.06.18 08:30:39 | 000,176,128 | ---- | C] (Корпорация Майкрософт) -- C:\ProgramData\toj1fo.dat [2013.05.16 10:27:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [1 C:\Users\Inga\Documents\*.tmp files -> C:\Users\Inga\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.13 13:02:03 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.11.13 13:02:03 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.11.13 13:02:03 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.11.13 13:02:03 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.11.13 13:02:03 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.11.13 13:00:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inga\Desktop\OTL.exe [2013.11.13 12:57:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.11.13 12:57:27 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys [2013.11.13 12:55:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.11.13 12:55:07 | 095,023,320 | ---- | M] () -- C:\ProgramData\of1jot.pad [2013.11.12 17:42:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.11.12 17:42:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.11.12 16:42:42 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.11.12 16:42:42 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.11.12 16:42:42 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.11.12 16:36:22 | 000,002,634 | ---- | M] () -- C:\ProgramData\of1jot.js [2013.11.12 16:35:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.11.12 14:26:52 | 000,270,168 | ---- | M] () -- C:\Users\Inga\Desktop\cc_20131112_142632.reg [2013.11.12 14:20:07 | 000,692,616 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.11.12 14:20:07 | 000,071,048 | ---- | M] () -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.11.12 14:20:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.11.12 14:19:54 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [1 C:\Users\Inga\Documents\*.tmp files -> C:\Users\Inga\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.12 16:36:22 | 000,002,634 | ---- | C] () -- C:\ProgramData\of1jot.js [2013.11.12 14:26:44 | 000,270,168 | ---- | C] () -- C:\Users\Inga\Desktop\cc_20131112_142632.reg [2013.06.21 06:21:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\qeroni7.dat [2013.06.18 08:30:52 | 000,000,152 | ---- | C] () -- C:\ProgramData\of1jot.reg [2013.06.18 08:30:52 | 000,000,056 | ---- | C] () -- C:\ProgramData\of1jot.bat [2013.06.18 08:30:43 | 095,023,320 | ---- | C] () -- C:\ProgramData\of1jot.pad [2013.05.16 22:35:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\l4riqo.dat [2013.05.16 10:27:09 | 000,000,150 | ---- | C] () -- C:\ProgramData\8h4t.reg [2013.05.16 10:27:09 | 000,000,054 | ---- | C] () -- C:\ProgramData\8h4t.bat [2013.05.16 10:27:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\8h4t.pad [2013.04.23 06:54:24 | 000,000,004 | ---- | C] () -- C:\Users\Inga\AppData\Roaming\AltShell.ini [2013.01.01 15:33:05 | 000,000,017 | ---- | C] () -- C:\Users\Inga\AppData\Local\resmon.resmoncfg [2012.11.25 15:40:02 | 000,013,866 | ---- | C] () -- C:\Users\Inga\.recently-used.xbel [2012.06.05 19:32:39 | 000,000,702 | ---- | C] () -- C:\Windows\wiso.ini [2012.04.15 21:53:40 | 000,692,616 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayerApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > _____________________________________________________________________________ und die zweite: _____________________________________________________________________________ OTL Extras logfile created on: 13.11.2013 13:02:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inga\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 65,38% Memory free 3,49 Gb Paging File | 2,92 Gb Available in Paging File | 83,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 215,74 Gb Total Space | 136,41 Gb Free Space | 63,23% Space Free | Partition Type: NTFS Drive D: | 16,85 Gb Total Space | 2,43 Gb Free Space | 14,45% Space Free | Partition Type: NTFS Computer Name: DEEPTHOUGHTNG | User Name: Inga | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0019CF07-6FDB-4AB4-9975-E1026A19FCFC}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0F47A94D-8D26-4C4E-9E1A-FFDF46B69825}" = lport=137 | protocol=17 | dir=in | app=system | "{0F5A91CD-79E7-454A-86B1-007CFA557987}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{15E0C887-154F-401E-A6A4-3585FFDA5D50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19B4696C-5228-4BD0-9703-06CA391389E1}" = lport=29603 | protocol=6 | dir=in | name=tcp 29603 | "{25C72056-A39C-4EAF-9482-3CD6E7F492DA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2F2CCFB9-954F-4E12-972B-D0DDBAC81BFB}" = lport=26119 | protocol=6 | dir=in | name=tcp 26119 | "{3064D6DD-F97E-43F2-9BFE-DC34764FA767}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3156379C-4DB6-4EE0-BA60-8191E9357255}" = rport=445 | protocol=6 | dir=out | app=system | "{36616D64-6C76-4A68-A244-D67DA839959D}" = lport=16481 | protocol=17 | dir=in | name=udp 16481 | "{5CE637B8-A8DB-407B-8D5C-80D7962EC8B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D70BB50-DF5E-4146-A057-B050489F4FF0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{5FB03CAB-3A44-4F45-8B05-8480BC7D7826}" = lport=138 | protocol=17 | dir=in | app=system | "{76D74D18-3408-4D64-90AC-C2260DA123DC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8AFD180F-8157-4158-8D5E-45913092C2D1}" = rport=139 | protocol=6 | dir=out | app=system | "{93C2DA99-6BD8-415D-AD27-8279E898FE0C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{949C514C-C79B-406C-9E87-CBDF171FA713}" = lport=2869 | protocol=6 | dir=in | app=system | "{94FE1715-E30F-44C8-B2DC-57288BBF927E}" = lport=26119 | protocol=6 | dir=in | name=tcp 26119 | "{99B8BCF6-37C7-48D8-A3F3-9DA249F83A39}" = rport=138 | protocol=17 | dir=out | app=system | "{9E32F4EB-9EDD-4DF5-A493-E4A7A1A88C2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F6DDCB5-F7B1-4449-96CC-AB4BD288D3ED}" = rport=10243 | protocol=6 | dir=out | app=system | "{9FEDC4FE-4111-415F-92DB-7ADDC3AD662A}" = lport=10243 | protocol=6 | dir=in | app=system | "{A01A1834-B44F-4AF7-B4B4-D8DE852C3D9C}" = lport=2869 | protocol=6 | dir=in | app=system | "{A07D84EF-B162-4072-BCCD-C3D9F9EA58A9}" = lport=16185 | protocol=17 | dir=in | name=udp 16185 | "{A43A1020-FD5F-4184-82D2-5E5288DE8A4D}" = lport=16185 | protocol=17 | dir=in | name=udp 16185 | "{BF4A0A7C-ACC7-4A33-8D18-DDECFB193A9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C1CC6582-DC04-4A6D-93B7-5C8ED76582A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5A242AB-490B-43E4-A10C-C42A85BA86DB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8C6A964-F9E1-4BC7-82D3-FB3B3D090F69}" = rport=137 | protocol=17 | dir=out | app=system | "{CA5F44A5-33A1-40DF-B278-BB21E4B05FFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CBC60348-3FE4-4E1E-A2F6-7B646D1EF520}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CE5C1D9F-4D69-444F-9AFD-3235595B08FA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{D3F99F7E-F15D-4681-A506-54FEE4A76D11}" = lport=139 | protocol=6 | dir=in | app=system | "{D4883FA5-7393-47AF-9996-5A402E305E56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5CE10F7-1393-412C-862D-EB3A08766DA2}" = lport=16481 | protocol=17 | dir=in | name=udp 16481 | "{DFEEC5AC-71B6-4990-BE04-219941BA17EF}" = lport=445 | protocol=6 | dir=in | app=system | "{E6E9D14D-A176-4A84-861E-A891B8D2D67E}" = lport=29603 | protocol=6 | dir=in | name=tcp 29603 | "{EC76539E-F54D-4897-8EEC-FE7456814669}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EE0289E0-FFCE-44C3-94D2-E54F61EB2E9A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0165DAF8-B6C2-4EF2-8767-44CD5E8BF4B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{023FB60A-4FC6-4E08-B261-2EAC09117046}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{04E60FB5-5CA4-43D9-A52F-861A0ED23919}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{05047666-BED4-459C-9021-1F2A746585EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{08D9334A-5F7D-499B-91B5-0CC7A0816880}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{09D2292C-6D9E-4FF1-909C-0D1CB78D916A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0E115BCD-3E47-40D9-9B17-D421F42B3F48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0F5C6D7E-501B-40D3-8D3C-0C8F58300AE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0F8DFBF3-127D-49DD-AEA4-50B865DE1899}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{12FAD6B8-5E19-4DCD-8B79-A06983559DE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{131C8BF4-1E57-499F-8B5A-302B90910911}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{135D7A48-869E-432C-9892-50F62BADF929}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{14CCFFC9-975E-4EB0-AF6A-81E87893B1DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{15BD1207-D782-4027-9CBD-33350A232EC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{18455741-6CDE-4DA0-A9F3-BF1F70035732}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{19403F3C-8736-4349-A062-64BADB8C6A07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1AC398C8-9BC2-4D72-A0F2-E3B2E24F8A3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{25D24A88-CFBD-4FC0-AE82-CCBB72621356}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{261D021E-2348-41D3-BE87-8455EC80341D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2A0745C6-B762-4E02-9590-843A9773C3F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2A251466-0DA0-46C0-A1DB-A56AE7E9AD75}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2FD67E4B-E7B6-48DA-8767-465CA88E86CB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{35C593BD-C5F8-40EC-8A65-41DED2F2DE79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3638CC72-87DC-4742-A34C-F9F56DDE9FAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{37780DB7-04AB-4490-B4DE-90593D69CF81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{38CFD2FC-49A3-4AEF-87C1-F0A5D7292EB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{38D4905E-8A41-40BA-AA8A-B2EF7626828A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{392B3E50-F1D9-4993-8AAF-B4C5EA2A689C}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{3A95A6DA-F1DF-4FF0-A36C-DB6757A84886}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3F03EC56-1B9C-4F50-96AB-DE05E695993C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{40FB2214-7A59-401D-B7D2-F0DC5E0A2539}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{420B9308-D6FD-417A-97B7-C66805B17588}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{46851916-3B55-48BF-9FE4-CD742CEE72B5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4DD5B97C-80C2-4846-BB26-F91E2FF9C347}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{4E39E45C-018E-4CDB-8CD8-176235698915}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{51F60204-A58E-4915-97B1-4871C22FC2C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{529B5335-2D92-43F4-8E7B-DD86A04A1469}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{53D7817C-6D5A-43FA-B24C-582051825093}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{53F1DB14-0D7C-4DC0-8649-EFED1FD27823}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{55DBDCAF-AD48-4EC3-8080-2DF45D497CE5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5721B205-1709-471C-8D8F-291B4A2D8BCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5A095591-E0AD-4AA2-AE36-050569A5648A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5CDE7C18-2776-4B87-A392-48A621FEBF62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5EB95412-20A0-47F8-9EE3-F3F6F7ADF971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{60E29D4D-39D5-4DA7-9ED3-A032EC671BEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{63B7B7AD-8B95-4BB4-B634-F6DA8F5241A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6829FE48-8CE5-4DF8-8649-58599A5B9981}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6EAF72DE-8FFC-427B-8773-9253DD8C92AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{715152AC-B37C-48B8-9724-A5C5CD8EC717}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7349ED3F-6F92-4247-8743-81B6DBDEB0C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7923472D-A507-4461-83F9-85D60D9A6AC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{79583C4F-7309-486C-9969-B7C983357A3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{79E381C2-F591-4E56-870F-E5E079A2E6A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{7A39BEB0-F9D2-4C69-BD5A-E01CE6FB28D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{81D38CB7-717E-4F81-837D-BCF0875AF4A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{857C8FBA-ADE5-4FA0-A73F-8391812BAD15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{864447CE-B574-45C1-9B7F-A7A3C7672537}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{88F09E45-8145-486F-8B83-9FE9269C209F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{89B2B9B3-F728-41E1-A387-95DEFDCC1EC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8BAABFB8-BCF6-4D23-87A1-1C15035F95A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8DE5E178-9BF6-43F9-9D8B-89A8FF1E2A26}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{8F2BBC42-ABFA-4EBD-9882-AB2519F524A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{908E5641-8220-43A6-83E3-89975828007F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{93B8D909-170C-4267-965A-67419ED4AD10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{96226533-8CF4-4E6F-B76F-E28127B7DC16}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{996652B0-F822-483B-BF98-86F81581102E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9B6F230A-541E-4ADF-B715-13B59AF44C3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9F6FBA5E-AAC0-468C-B8AA-E168A0EC3385}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A29FC0D0-F8DE-47D7-B224-BB296E5C943B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A34C8C9D-F990-4F29-BE0D-E8CBE0671381}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{A77C8962-1C66-48CF-A7CB-4B6C4FBDE125}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC2FFE78-CFAA-44DC-9EDA-DB30462E37CF}" = protocol=6 | dir=out | app=system | "{B14E4B27-16D6-43D6-ACED-DA9B395A3D42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B15DCA24-5A71-47C7-9D9B-60154BDC6563}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B594DF51-36E9-4501-B4CD-912D9077337E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B6E0B16A-84CA-43DB-BF9E-61405258E2E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B79A081D-1BB0-48DB-8F12-8C409A20805A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BD7370FD-1D95-4EA4-9F8F-6BBD7FE00AE2}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{C26D8262-8E39-4878-B55B-4066D19ADE48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C3481748-0EE6-45A8-80B0-C20D241522D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C3FAC55A-0075-4F98-A4D2-4C370BC8FF52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CA4F8F82-F056-4B17-932A-CD69BBCD4388}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CAB72C32-F834-4E63-8E3E-D641B5F0DE76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D131C0C9-33F4-4830-B844-9689DBA69D49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4FFDC6D-D885-4611-8085-DF97C7BEABF7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D6707E06-2B10-4349-B2A8-9413E43BF277}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{D699FF23-298E-40CD-997D-87C64D2133B1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D6F5026C-7261-4049-A7A4-F1CE62457F76}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DAF4E789-84E1-418B-AECD-2C0CB1BC36EE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DB7A43E5-EC14-4639-B038-0B85124E4872}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DF8DAEAB-0B48-4E56-9B2F-6BDF622F4E29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EA2F08B8-7C08-44CF-98D6-F84C199BE9DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EC3E81CD-2F23-45BB-93E7-6C8298637059}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{EFDB4EF8-879F-456C-88B6-A540F05B44D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F077DE93-160F-4219-9B31-9704AE990DD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F1CC534B-E20B-448A-8B8B-C6C752B2EA5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F2811D22-2869-441E-BB53-9364E9F40A3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F729D002-9829-491C-89F9-C1CD65E1BDA2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F85EE48F-F837-4D49-9CF8-C8745C100CA8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FBD2F3E9-F408-4A02-A5F8-492ECE8515D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FBF92F9A-48C2-4C85-8B2E-11E673C0D714}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD556766-9FBD-4344-B987-72F16FFE1573}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FDAB24D3-1342-456C-8269-86B56249A8EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{2CB2B461-2A3C-452C-97CC-8D28F986841A}C:\users\inga\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\inga\appdata\roaming\wuala\wuala.exe | "TCP Query User{88EFF796-BFED-4D5B-8695-0320FBE6FD5F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{BABD59BC-3F33-46D1-9665-310CAAB362FB}C:\users\inga\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\inga\appdata\roaming\wuala\wuala.exe | "TCP Query User{F98AA24E-7BA0-43C2-B4F5-981EE8D4A763}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{0F023FC8-AF63-4E2B-B164-1371E23F4D63}C:\users\inga\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\inga\appdata\roaming\wuala\wuala.exe | "UDP Query User{135481CB-B525-4D43-9B4C-0C850D246E03}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{1834833D-1DE8-49F5-AAE2-A4DB6E5D0382}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1B70B5D7-ADA0-4622-8A4C-5C40EC63BEA4}C:\users\inga\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\inga\appdata\roaming\wuala\wuala.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64 "{E342EC6B-5F25-47FE-B92C-DE616149B430}" = HP Wireless Assistant "{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai "{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish "{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech "{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39 "{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service "{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German "{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010 "{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor "{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009 "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{45FFEC16-0615-47E2-8B70-CBAFD31D820C}" = Angry Birds Space "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{4933D2E2-B621-487F-A7E7-96DA7312BCFE}" = Angry Birds Rio "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional "{54969445-4892-4C62-AD25-673EBE24CF44}" = Angry Birds Seasons "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New "{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{72F81C20-8C0F-46F7-BEE2-A54CE504F9EB}" = HP Software Framework "{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian "{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation "{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish "{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light "{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English "{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All "{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish "{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian "{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "DivX Setup" = DivX-Setup "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "Inkscape" = Inkscape 0.48.2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "My HP Game Console" = HP Game Console "Opera 11.64.1403" = Opera 11.64 "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 2.0.5 "WildTangent hp Master Uninstall" = HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "Wuala CBFS" = Wuala CBFS "Wuala Dokan" = Wuala Dokan ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Wuala" = Wuala ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.04.2013 02:35:22 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 28.04.2013 15:54:27 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 30.04.2013 18:36:12 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 30.04.2013 19:10:08 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 00:16:38 | Computer Name = DeepthoughtNG | Source = ESENT | ID = 215 Description = WinMail (3552) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 01.05.2013 00:16:45 | Computer Name = DeepthoughtNG | Source = ESENT | ID = 215 Description = WinMail (3756) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 05.05.2013 05:41:26 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 06.05.2013 04:54:33 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 08.05.2013 08:42:33 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 10.05.2013 21:17:08 | Computer Name = DeepthoughtNG | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Hewlett-Packard Events ] Error - 12.02.2013 05:22:35 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 12.02.2013 05:22:35 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 12.02.2013 05:22:47 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 17.02.2013 13:42:49 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 03.03.2013 10:29:34 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 08.03.2013 01:30:05 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 08.03.2013 01:30:23 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 08.03.2013 01:30:23 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 08.03.2013 01:31:02 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = Error - 17.03.2013 11:44:24 | Computer Name = DeepthoughtNG | Source = HPSF.exe | ID = 4000 Description = [ HP Wireless Assistant Events ] Error - 16.02.2012 07:29:06 | Computer Name = DeepthoughtNG | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 16.02.2012 07:29:28 | Computer Name = DeepthoughtNG | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... Error - 27.08.2012 06:34:42 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 16.10.2012 14:19:52 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 23.10.2012 08:54:00 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 23.01.2013 18:04:54 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 04.04.2013 16:06:37 | Computer Name = DeepthoughtNG | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 04.04.2013 16:06:45 | Computer Name = DeepthoughtNG | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... Error - 07.05.2013 02:40:34 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() Error - 17.06.2013 02:31:56 | Computer Name = DeepthoughtNG | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize() bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName) bei HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios) bei HPPA_Service.CurrentConfiguration.ReloadRadioList() [ Media Center Events ] Error - 07.02.2011 08:35:13 | Computer Name = DeepthoughtNG | Source = MCUpdate | ID = 0 Description = 13:35:13 - Fehler beim Herstellen der Internetverbindung. 13:35:13 - Serververbindung konnte nicht hergestellt werden.. Error - 07.02.2011 08:35:28 | Computer Name = DeepthoughtNG | Source = MCUpdate | ID = 0 Description = 13:35:18 - Fehler beim Herstellen der Internetverbindung. 13:35:18 - Serververbindung konnte nicht hergestellt werden.. Error - 20.04.2011 13:25:34 | Computer Name = DeepthoughtNG | Source = MCUpdate | ID = 0 Description = 19:25:34 - Fehler beim Herstellen der Internetverbindung. 19:25:34 - Serververbindung konnte nicht hergestellt werden.. Error - 20.04.2011 13:25:43 | Computer Name = DeepthoughtNG | Source = MCUpdate | ID = 0 Description = 19:25:40 - Fehler beim Herstellen der Internetverbindung. 19:25:40 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 13.11.2013 08:07:43 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:11:53 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:11:53 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:11:53 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:12:43 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:12:43 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:12:43 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:13:51 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:13:51 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.11.2013 08:13:51 | Computer Name = DeepthoughtNG | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > _____________________________________________________________________________ Danke im Voraus für eure Hilfe! LG, Trillian |
| Themen zu Trojaner JS/Agent.480412 entfernen |
| avira, bundestrojaner, desktop, diner dash, error, failed, firefox, flash player, helper, home, js/agent.480412, js/agent.nid, launch, mozilla, nodrives, plug-in, programm, prozesse, registry, richtlinie, rundll, security, software, svchost.exe, trojan.ransom, usb, win32/kryptik.bduo, win32/reveton.m, windows |
Baum-Darstellung