So, a quick update:
Unfortunately, SUPERAntiSpyware Free Edition could not be run properly, because each time the memory was completely overloaded as soon as the program started, and nothing happened even after a very long wait.
Otherwise, everything could be carried out:
The first OTL scan produced this log:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\b8phw04a.default\searchplugins\conduit.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator deleted successfully.
C:\Users\Steffi\AppData\Roaming\Identities\{F11849AE-9857-46E0-B3EE-A4B011301293}\LicenseValidator.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Steffi\AppData\Roaming\Identities\{F11849AE-9857-46E0-B3EE-A4B011301293}\LicenseValidator.exe not found.
C:\Users\Steffi\AppData\Roaming\Ukhoge folder moved successfully.
C:\Users\Steffi\AppData\Roaming\Hoca folder moved successfully.
C:\Users\Steffi\AppData\Roaming\Fepeu folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Steffi\Desktop\cmd.bat deleted successfully.
C:\Users\Steffi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Avifauna
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Grafik
User: Grafiken_Tabellen
User: Grünland_Bilder
User: H2O_Grafiken
User: Mongolei
User: Public
User: Steffi
->Temp folder emptied: 1248325 bytes
->Temporary Internet Files folder emptied: 361274 bytes
->Java cache emptied: 3889743 bytes
->FireFox cache emptied: 60319197 bytes
->Flash cache emptied: 922 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76553376 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 136.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_122053
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000001974D7F361D0F0D4F not found!
PendingFileRenameOperations files...
File C:\Windows\temp\TMP00000001974D7F361D0F0D4F not found!
Registry entries deleted on Reboot...
ESET then found something else in the OTL moved files folder:
C:\_OTL\MovedFiles\07142012_122053\C_Users\Steffi\AppData\Roaming\Identities\{F11849AE-9857-46E0-B3EE-A4B011301293}\LicenseValidator.exe Variante von Win32/Kryptik.AIIL Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
And here are the logs from the last OTL run.
OTL Logfile:
OTL logfile created on: 7/15/2012 2:48:03 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Steffi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
767.43 Mb Total Physical Memory | 263.29 Mb Available Physical Memory | 34.31% Memory free
1.75 Gb Paging File | 0.88 Gb Available in Paging File | 50.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.20 Gb Total Space | 6.92 Gb Free Space | 23.68% Space Free | Partition Type: NTFS
Drive D: | 42.33 Gb Total Space | 23.47 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Computer Name: AURORA | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/13 11:02:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/08 21:10:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 21:10:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 21:10:44 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 21:10:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office12\GrooveMonitor.exe
PRC - [2008/09/01 01:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
========== Modules (No Company Name) ==========
MOD - [2011/05/28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/12 18:13:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/20 20:31:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/08 21:10:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 21:10:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a97t3ej9)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/08 21:10:54 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 21:10:54 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/18 00:06:27 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010/08/01 14:35:01 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/07 12:16:16 | 000,376,160 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2009/10/08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/06 11:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/20 09:14:00 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2006/09/14 10:44:00 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/07/28 15:20:44 | 000,027,008 | ---- | M] (Siemens AG ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\siusbmod.sys -- (siusbmod)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 D1 D2 91 AC 61 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 20:31:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/14 12:32:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/07/06 08:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/20 20:31:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/14 12:32:38 | 000,000,000 | ---D | M]
[2010/07/28 13:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions
[2010/07/28 13:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/04 09:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\b8phw04a.default\extensions
[2011/11/13 14:23:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\b8phw04a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/09 13:55:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\b8phw04a.default\extensions\engine@conduit.com
[2012/07/15 12:20:28 | 000,001,056 | ---- | M] () -- C:\Users\Steffi\AppData\Roaming\Mozilla\Firefox\Profiles\b8phw04a.default\searchplugins\icqplugin.xml
[2012/04/18 08:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 20:31:35 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 20:31:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Steffi\AppData\Roaming\Identities\{1899B451-4F96-4EBA-8AEF-C32EF7E59E61}\LicenseValidator.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED02B21-9D48-44B4-B40F-0D5F41731B50}: NameServer = 134.76.10.46,134.76.33.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5955B97-C2DB-4DF3-81FA-F28589616B48}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/14 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/14 12:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/14 12:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/14 12:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/14 12:34:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/14 12:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/14 12:32:38 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/14 12:32:38 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/14 12:31:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/14 12:31:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/14 12:20:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/13 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\Steffi\Desktop\zbot
[2012/07/13 11:02:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2012/07/11 15:49:13 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 15:23:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/11 15:23:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/11 15:23:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/11 10:12:21 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Sun
[2012/07/10 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\vlc
[2012/07/06 23:29:56 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Opera
[2012/07/04 15:51:55 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Help
[2012/07/04 15:47:26 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\TeamViewer
[2012/06/19 18:32:02 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 18:32:01 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 18:31:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 18:31:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 18:31:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 18:31:32 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 18:31:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/15 22:39:13 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Macromedia
========== Files - Modified Within 30 Days ==========
[2012/07/15 14:13:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/15 12:14:31 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:14:31 | 000,014,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 12:06:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/15 12:06:34 | 603,529,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 12:48:09 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/14 12:31:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/14 12:31:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/13 11:02:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Desktop\OTL.exe
[2012/07/12 20:08:36 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 18:13:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/12 18:13:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/12 17:24:38 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/06 08:35:01 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/23 11:29:00 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/23 11:29:00 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/23 11:29:00 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/23 11:29:00 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/23 11:25:57 | 000,001,089 | ---- | M] () -- C:\Users\Steffi\Desktop\Adobe Photoshop 7.0.lnk
========== Files Created - No Company Name ==========
[2012/07/14 12:48:09 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/12 19:56:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 11:25:57 | 000,001,089 | ---- | C] () -- C:\Users\Steffi\Desktop\Adobe Photoshop 7.0.lnk
[2012/04/24 21:29:53 | 000,016,872 | ---- | C] () -- C:\Users\Steffi\.recently-used.xbel
[2011/06/19 08:22:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/01 00:29:26 | 000,194,298 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/04/01 00:29:26 | 000,000,253 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/02/02 19:14:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/02 19:14:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/02 19:14:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/02 19:14:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/02 19:14:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/02 19:14:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/02 19:14:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/02 19:14:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/02 19:14:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/02 19:14:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/02 19:14:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/02 19:14:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/02 19:14:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/02 19:14:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/02 19:14:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/02 19:14:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/02 19:14:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/02 19:14:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/02 19:14:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/02 18:45:14 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010/11/13 18:29:57 | 000,000,337 | ---- | C] () -- C:\Users\Steffi\AppData\Local\Perfmon.PerfmonCfg
[2010/11/13 16:15:10 | 000,011,330 | ---- | C] () -- C:\Users\Steffi\gsview32.ini
[2010/08/29 16:48:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/01 17:44:35 | 000,045,880 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.001
[2010/08/01 17:34:06 | 000,045,880 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\nvModes.dat
========== LOP Check ==========
[2010/08/01 14:46:36 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DAEMON Tools Lite
[2012/04/21 12:41:35 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoft
[2011/11/14 11:49:40 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/02 19:19:01 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\EPSON
[2012/04/24 21:30:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\gtk-2.0
[2012/07/12 19:07:25 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ICQ
[2012/04/21 15:55:27 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\IrfanView
[2010/11/12 18:04:48 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Notepad++
[2012/07/06 23:29:56 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Opera
[2012/07/12 18:19:03 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\TeamViewer
[2010/07/28 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Thunderbird
[2011/08/19 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Tinn-R
[2011/05/14 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\xm1
[2012/06/30 10:30:43 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 7/15/2012 2:48:03 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Steffi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
767.43 Mb Total Physical Memory | 263.29 Mb Available Physical Memory | 34.31% Memory free
1.75 Gb Paging File | 0.88 Gb Available in Paging File | 50.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.20 Gb Total Space | 6.92 Gb Free Space | 23.68% Space Free | Partition Type: NTFS
Drive D: | 42.33 Gb Total Space | 23.47 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.86 Mb Free Space | 71.87% Space Free | Partition Type: NTFS
Computer Name: AURORA | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAC615A-233D-4BAD-A116-29E9B3041495}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{11A50E08-96AE-4063-8EA5-A2757BED2FB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2775DDBD-11F4-45A8-8AB8-ED3F3FB45D62}" = lport=10243 | protocol=6 | dir=in | app=system |
"{311F6548-8925-4168-8FE4-9F9176829D0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A8F8153-2E6E-4C1E-B667-6830D8A079A6}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F3520E3-928A-445D-A463-450F35049AA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{455F66E8-676E-4E74-9F96-955010476EAA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4DCB273D-88F0-477A-ABCF-9D34B31405EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{528D3E19-B9BA-4D17-881C-F3E0D3E3283A}" = rport=445 | protocol=6 | dir=out | app=system |
"{5B280DA7-C2C8-4EE5-A467-DCF107ED5A45}" = rport=138 | protocol=17 | dir=out | app=system |
"{60656CBC-538A-4844-B8C4-3DBA091C3B1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65573B26-333B-46B8-A318-FF0C6CF367FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{66B126B3-DB3E-4D71-BB92-B42881F97902}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A3E415D-FC04-4C54-9289-B7478E294EE0}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C03126F-7EEA-4A86-9E69-3E5703583EDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{771B85D1-3C25-4F14-8923-58464F293586}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C0AAF94-E98B-4C56-96F9-B4E7B213FDD9}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4E742A3-AFB7-403D-B099-CCE38742E0BC}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6B1432F-4F68-42BC-BC0E-B6D2DE8120D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{B72793B6-34F9-471F-9E12-28AC83922D73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3F782B3-99DF-4BD6-9DCB-34FA50A64203}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1CE3EA8-DAFF-4E22-AB4A-A94267D5847A}" = rport=139 | protocol=6 | dir=out | app=system |
"{F91BA7BE-7710-4352-AD0F-6D20D392288E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03168DEB-DD0C-441A-A42C-F03ADF0C933D}" = protocol=17 | dir=in | app=c:\program files\office12\groove.exe |
"{051DC26D-5708-4DDF-9198-14561E25B05A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F43C2A3-C51F-4BCF-B54A-25A9D4C5EAF1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1750C816-031E-427A-BE55-5B90578A313D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1BB4BA4A-A5C6-4BF9-BAC0-C921200C436E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EE64FCC-1A3F-447E-8D7B-7AAB3383F5B7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2D7CED58-9130-4213-AC69-3E61F81C1DE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33F530A3-9833-4E5A-BAB8-DE88E46F8F11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{343ACD3C-8E7A-4EDD-A0DC-56828C73C94E}" = protocol=6 | dir=in | app=c:\users\steffi\appdata\local\apps\2.0\w60cmb4d.4cx\vp6cv06l.t2k\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{36D44B9E-2BC9-4CB8-AED0-2258CA7B145E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3D092767-F1B9-49C6-A861-4FECAAE947D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{400645DF-38F7-4B8B-851F-D46DAF64DD6A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{412F1A85-2197-40CA-A883-33BEB2C47913}" = protocol=6 | dir=in | app=c:\program files\office12\onenote.exe |
"{693B5531-A109-4391-880D-1F16FD62572C}" = protocol=6 | dir=in | app=c:\users\steffi\appdata\local\apps\2.0\w60cmb4d.4cx\vp6cv06l.t2k\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{74D9AFE1-8309-4C1E-935A-EAA59C972A9D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75E592D8-C969-4768-8CA8-D66691BA3599}" = protocol=17 | dir=in | app=c:\program files\office12\onenote.exe |
"{7731047D-7DAE-48DE-91AA-F2380BB74F38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7AC97C1A-3C06-4F9F-A178-3F02B56BBCE1}" = protocol=17 | dir=in | app=c:\users\steffi\appdata\local\apps\2.0\w60cmb4d.4cx\vp6cv06l.t2k\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{7F82F8E7-A349-4A9E-847E-4D677E2C6477}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{80F3B12B-BAFC-40A5-81E1-CDDC95032CCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82B2434E-8AD8-40AC-A8CD-27AFBFCB2F61}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{82D7E595-4A93-4C7F-BD03-523D37102A01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83270959-B595-480B-9662-728C52B87AC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{91193D85-550E-40FB-8B5B-2DE235228491}" = protocol=6 | dir=out | app=system |
"{9F5A9957-B116-4E80-9413-FCA1D39C077F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A17705D5-29BF-4D23-A0CB-F52D69766D0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{AA8511A0-3FCE-4447-BA0A-2A2E815872B6}" = protocol=6 | dir=in | app=c:\program files\office12\groove.exe |
"{B859A059-8206-4DEE-A76D-F7901FAA4F55}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{BB706D06-0FC9-4572-B5A5-05A73274F7A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFA7BF43-4342-4CFE-BAFE-C78D1DA88354}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C0324316-1A2C-4963-A9BB-FE0D48268175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F5EC1D-7D3D-4049-A6F1-1750B153B6C5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CA28871F-A429-486F-A3D7-6F4990F52222}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D1CC0286-5605-4EA7-B913-B076F7B5722D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D31B92C7-A6D3-412A-A831-DB614F3B1782}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9FDB5EB-3DD1-4187-A961-8174D00ACDFC}" = protocol=17 | dir=in | app=c:\users\steffi\appdata\local\apps\2.0\w60cmb4d.4cx\vp6cv06l.t2k\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{E7E94973-8E3F-4A82-87D5-575CA01C192C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFD03543-9FD5-48D4-BA47-7904EA072777}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0CD17A98-2F54-4CE4-B297-8499132120F0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3DF3BCBC-3678-4CD3-AB6A-00C32C21C90B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{7786F421-D4CA-45D8-8A07-EC02E3BC8F6A}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
"UDP Query User{C15F5217-1637-4656-9963-D7BEA3F62455}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{CBBAC22A-0C01-4BFE-A28A-43156802FF5A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E2149FBC-6CC9-45D1-9839-D32A349202DE}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5B12573C-9C90-4790-BFEE-2BC43C2EB997}" = SmartSync
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{938D9C57-3CF0-4DA8-B04E-EF99501859B5}" = Mobile Phone Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Setup.divx.com" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.920
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.19.412
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"ImageJ_is1" = ImageJ 1.45s
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"ST6UNST #1" = IsoSource
"Texmaker" = Texmaker
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fed3d27a35326b74" = LeafArea-Calculater
"MiKTeX 2.8" = MiKTeX 2.8
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/15/2012 2:50:34 AM | Computer Name = Aurora | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/15/2012 2:50:36 AM | Computer Name = Aurora | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/15/2012 2:51:23 AM | Computer Name = Aurora | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/17/2012 1:51:02 PM | Computer Name = Aurora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x000ccb60 ID des fehlerhaften Prozesses: 0xd74 Startzeit der fehlerhaften Anwendung:
0x01cd4ca7fd65a980 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
009f44d0-b8a5-11e1-b2c5-001617550b12
Error - 6/18/2012 5:25:02 PM | Computer Name = Aurora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x000ccb60 ID des fehlerhaften Prozesses: 0xcb4 Startzeit der fehlerhaften Anwendung:
0x01cd4d91602dee80 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
105f7d58-b98c-11e1-899e-001617550b12
Error - 6/19/2012 4:56:18 PM | Computer Name = Aurora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x0016b4bd ID des fehlerhaften Prozesses: 0xe5c Startzeit der fehlerhaften Anwendung:
0x01cd4e4c4a8b0430 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
37202d64-ba51-11e1-80da-001617550b12
Error - 6/20/2012 2:31:10 PM | Computer Name = Aurora | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/23/2012 10:36:02 AM | Computer Name = Aurora | Source = Application Hang | ID = 1002
Description = Programm XACT.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: da4 Startzeit:
01cd514d53eab210 Endzeit: 6 Anwendungspfad: C:\Program Files\XACT\XACT.EXE Berichts-ID:
bea67c61-bd40-11e1-9429-001617550b12
Error - 7/12/2012 12:19:06 PM | Computer Name = Aurora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f845 ID des fehlerhaften
Prozesses: 0x864 Startzeit der fehlerhaften Anwendung: 0x01cd6042ccd36b00 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 4d2b4fc8-cc3d-11e1-8052-001617550b12
Error - 7/13/2012 2:30:31 AM | Computer Name = Aurora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbamgui.exe, Version: 1.62.0.1, Zeitstempel:
0x4fe2300f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xa723f5f5 ID des fehlerhaften Prozesses:
0xa7c Startzeit der fehlerhaften Anwendung: 0x01cd6069332110d0 Pfad der fehlerhaften
Anwendung: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 3de59060-ccb4-11e1-95f5-001617550b12
Error - 7/14/2012 8:53:34 AM | Computer Name = Aurora | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 66c Startzeit: 01cd61aad1877330 Endzeit: 1404 Anwendungspfad:
C:\Windows\Explorer.EXE Berichts-ID: e06e47b1-cdb2-11e1-9d26-001617550b12
[ Media Center Events ]
Error - 3/27/2011 8:22:13 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 14:21:31 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
security token.)
Error - 3/27/2011 8:23:56 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 14:23:49 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 3/27/2011 9:26:24 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 15:26:24 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 3/27/2011 9:28:47 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 15:27:07 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)
Error - 3/27/2011 9:29:57 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 15:29:51 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 4/2/2011 3:16:30 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 09:16:30 - Fehler beim Herstellen der Internetverbindung. 09:16:30
- Serververbindung konnte nicht hergestellt werden..
Error - 4/2/2011 3:16:41 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 09:16:35 - Fehler beim Herstellen der Internetverbindung. 09:16:35
- Serververbindung konnte nicht hergestellt werden..
Error - 4/3/2011 4:17:04 AM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 10:16:58 - Fehler beim Herstellen der Internetverbindung. 10:16:58
- Serververbindung konnte nicht hergestellt werden..
Error - 4/12/2011 1:52:44 PM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 19:52:41 - Fehler beim Herstellen der Internetverbindung. 19:52:43
- Serververbindung konnte nicht hergestellt werden..
Error - 4/12/2011 1:53:34 PM | Computer Name = Aurora | Source = MCUpdate | ID = 0
Description = 19:52:49 - Fehler beim Herstellen der Internetverbindung. 19:52:49
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 2/1/2011 10:54:56 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
seconds with 0 seconds of active time. This session ended with a crash.
Error - 2/1/2011 10:56:04 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41
seconds with 0 seconds of active time. This session ended with a crash.
Error - 3/22/2011 4:50:37 PM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12884
seconds with 7380 seconds of active time. This session ended with a crash.
Error - 3/22/2011 4:51:24 PM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 4/10/2011 9:47:46 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18334
seconds with 8040 seconds of active time. This session ended with a crash.
Error - 4/10/2011 9:48:22 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/27/2011 5:37:27 PM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 14891 seconds with 120 seconds of active time. This session ended with a
crash.
Error - 5/15/2012 3:04:36 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 184 seconds with 120 seconds of active time. This session ended with a crash.
Error - 5/15/2012 3:06:13 AM | Computer Name = Aurora | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 80 seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/6/2012 4:23:30 PM | Computer Name = Aurora | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.1.10 registriert werden. Der Computer mit IP-Adresse 192.168.1.9
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 7/7/2012 3:17:55 AM | Computer Name = Aurora | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14
Error - 7/7/2012 8:24:04 AM | Computer Name = Aurora | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 7/10/2012 1:36:44 PM | Computer Name = Aurora | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 7/12/2012 11:27:11 AM | Computer Name = Aurora | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 7/12/2012 2:13:44 PM | Computer Name = Aurora | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 7/12/2012 4:10:16 PM | Computer Name = Aurora | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 7/13/2012 2:35:49 AM | Computer Name = Aurora | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 7/14/2012 6:20:55 AM | Computer Name = Aurora | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 7/14/2012 8:51:21 AM | Computer Name = Aurora | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >
[/CODE]