Malwarenervt | 24.06.2013 17:30 | Code:
OTL logfile created on: 24.06.2013 17:54:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PBG\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 29,46% Memory free
3,98 Gb Paging File | 1,74 Gb Available in Paging File | 43,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 5,19 Gb Free Space | 8,85% Space Free | Partition Type: NTFS
Drive D: | 159,19 Gb Total Space | 1,52 Gb Free Space | 0,95% Space Free | Partition Type: NTFS
Drive E: | 166,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PBG-PC | User Name: PBG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.24 17:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PBG\Desktop\OTL.exe
PRC - [2013.06.19 20:04:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.06.12 19:47:00 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.29 00:49:36 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.05.24 20:32:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.19 16:38:50 | 000,360,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.08 20:04:03 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 23:52:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 23:52:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 23:52:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.12 18:28:13 | 001,517,520 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.04.16 14:11:02 | 000,650,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe
PRC - [2009.12.21 03:15:30 | 000,838,656 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.10.26 13:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.10.13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.03.05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
========== Modules (No Company Name) ==========
MOD - [2013.06.12 19:46:58 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.05.29 00:49:49 | 002,244,504 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2013.05.29 00:49:46 | 000,158,104 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013.05.29 00:49:46 | 000,022,424 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013.05.24 20:32:20 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.01.03 23:52:52 | 007,581,696 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.04.16 14:11:02 | 000,650,920 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SUPNotifier.exe
MOD - [2010.04.16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2013.06.12 19:47:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.24 20:32:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 23:52:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 23:52:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.05 11:54:50 | 000,311,296 | ---- | M] () [Disabled | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2007.02.09 22:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PBG\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.14 00:23:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.08 23:52:02 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 23:52:02 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.12 18:28:13 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.08 20:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 07:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010.12.21 07:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.12.21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.11.23 18:10:44 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.15 04:09:52 | 000,068,608 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_acm.sys -- (samsung_hspa_datacard_cdc_acm)
DRV - [2010.01.15 04:09:52 | 000,062,464 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_dc_enum.sys -- (samsung_hspa_datacard_dc_enum)
DRV - [2010.01.15 04:09:50 | 000,081,920 | ---- | M] (Samsung) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\samsung_hspa_datacard_cdc_ecm.sys -- (samsung_hspa_datacard_cdc_ecm)
DRV - [2009.09.28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.01 22:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 9F 21 F9 7E C1 CD 01 [binary data]
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\..\SearchScopes\{33FBE12B-0BE0-43B9-839C-DDA2D14D25AF}: "URL" = hxxp://www.google.de
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: scrapbookplus%40addons.mozilla.org:1.9.23.40
FF - prefs.js..extensions.enabledAddons: sortplaces%40andyhalford.com:1.9.2
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: thumbsdown%40mozdev.org:0.22.1
FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:3.0.11
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.19
FF - prefs.js..extensions.enabledAddons: %7B95ab36d4-fb6f-47b0-8b8d-e5f3bd547953%7D:4.20.13
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: amin.eft_bmnotes%40gmail.com:2.8.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:9.3369.854.430
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.7
FF - prefs.js..extensions.enabledAddons: lrcfan%40fansoft.br:1.114
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.15
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: LDSI_plashcor%40gmail.com:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.8
FF - prefs.js..extensions.enabledItems: {524B8EF8-C312-11DB-8039-536F56D89593}:3.7.0.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1ex6xjvzjt4&search="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\PBG\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PBG\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Components: C:\Program Files\Aurora\components [2012.06.30 20:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 15.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.11 23:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.29 00:50:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 15.0a2\extensions\\Components: C:\Program Files\Aurora\components [2012.06.30 20:35:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 15.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files\LyricsFan\FF\ [2013.05.24 20:29:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.29 00:50:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2012.02.03 20:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\Extensions
[2013.06.22 21:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions
[2013.04.16 10:52:16 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.05.29 10:36:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.04.05 16:47:02 | 000,000,000 | ---D | M] (Block site) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012.06.30 20:24:57 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013.06.04 20:20:57 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2013.05.14 19:45:19 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\amin.eft_bmnotes@gmail.com
[2013.04.05 16:47:03 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\ich@maltegoetz.de
[2013.04.04 23:29:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\extensions\zotero@chnm.gmu.edu
[2013.04.22 17:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\gm_scripts\Dollchan_Extension_Tools
[2013.04.22 17:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\Firefox\Profiles\moc6o292.default\gm_scripts\Dollchan_Extension_Tools-1
[2013.04.08 23:51:37 | 000,012,576 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\bookmarkdeduplicator@foxhatdev.xpi
[2013.04.24 20:57:18 | 000,154,512 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\ck@everygain.com.xpi
[2013.04.04 23:29:23 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\isreaditlater@ideashower.com.xpi
[2013.06.16 16:36:36 | 000,097,083 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\LDSI_plashcor@gmail.com.xpi
[2013.06.04 20:20:57 | 001,343,607 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\readable@evernote.com.xpi
[2013.02.09 17:31:13 | 000,254,237 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\scrapbookplus@addons.mozilla.org.xpi
[2012.04.01 18:41:54 | 000,081,251 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\sortplaces@andyhalford.com.xpi
[2013.03.31 21:00:53 | 000,005,726 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\tab-width@design-noir.de.xpi
[2012.09.16 14:59:45 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.03.30 22:29:36 | 000,249,560 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\thumbsdown@mozdev.org.xpi
[2013.04.24 20:57:17 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\translator@zoli.bod.xpi
[2013.06.16 16:36:35 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012.03.31 16:21:11 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.06.21 21:29:57 | 002,127,580 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2011.09.09 13:57:58 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013.06.06 11:14:17 | 000,281,668 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2013.06.22 21:51:56 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.04.05 17:21:11 | 000,029,019 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
[2012.12.21 01:51:33 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.08 22:19:30 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.22 00:29:20 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.04.05 16:47:03 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.24 08:19:42 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\PBG\AppData\Roaming\mozilla\firefox\profiles\moc6o292.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.05.24 20:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.11 23:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.11 23:26:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.11 23:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.24 20:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 20:32:23 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.24 20:29:53 | 000,000,000 | ---D | M] ("Lyrics Fan") -- C:\PROGRAM FILES\LYRICSFAN\FF
========== Chrome ==========
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PBG\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PBG\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PBG\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PBG\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PBG\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Wetter von wetter.com = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgapkfcninhaogfjjoohaleiclbhjmnp\1.21_0\
CHR - Extension: FlashBlock = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\
CHR - Extension: Ocean Pacific = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.3.19_0\
CHR - Extension: AdBlock = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: FlashBlock = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Note Board = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\goficmpcgcnombioohjcgdhbaloknabb\4.0.4.5_0\
CHR - Extension: Chromium Scrapbook = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokffdfnlmampchciemmflgbckijpmlb\0.15.4_0\
CHR - Extension: Smooth Gestures = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.4_0\
CHR - Extension: Lyrics Fan = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd\1.114_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Hover Zoom = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.15_0\
CHR - Extension: Google Mail = C:\Users\PBG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.05.07 22:33:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Lyrics Fan) - {A8720491-9558-4C0D-9E35-30EED15DFB2B} - C:\Programme\LyricsFan\lrcfan.dll (FAN Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-67750739-3866145124-1799724527-1003..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Programme\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PBG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Mit Mipony herunterladen - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CB44DBC-6166-496D-B83D-F8183DC7BE4B}: NameServer = 10.74.83.22 193.254.160.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA2FCC8-AEC5-4659-B893-74A5EC9D13F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E793A022-ED28-46DF-8C3E-86340F53F248}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD317A9-D239-409F-97BE-0238F95FFCB9}: DhcpNameServer = 192.168.1.250
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.24 07:41:15 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.24 17:51:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PBG\Desktop\OTL.exe
[2013.06.24 15:01:33 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.06.24 15:01:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.06.24 15:01:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.06.24 15:01:02 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.06.22 09:39:23 | 000,660,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\PBG\Desktop\autoruns.exe
[2013.06.22 09:39:23 | 000,578,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\PBG\Desktop\autorunsc.exe
[2013.06.19 23:05:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2013.06.19 23:05:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2013.06.19 20:58:52 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2013.06.19 20:58:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2013.06.19 20:55:17 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2013.06.19 20:55:12 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2013.06.19 20:55:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2013.06.19 20:08:24 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013.06.19 20:08:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013.06.19 20:08:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013.06.19 20:08:23 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.06.19 20:08:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013.06.19 20:08:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013.06.19 20:08:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013.06.19 20:08:23 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013.06.19 20:08:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013.06.19 20:08:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.06.19 20:08:21 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013.06.19 20:08:21 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013.06.19 20:08:21 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013.06.19 20:08:21 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013.06.19 20:08:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013.06.19 20:08:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013.06.19 20:08:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013.06.19 20:08:20 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013.06.19 20:08:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013.06.19 20:08:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013.06.19 20:08:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013.06.19 20:08:20 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013.06.19 20:08:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013.06.19 20:08:19 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013.06.19 20:08:19 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013.06.19 20:08:19 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013.06.19 20:08:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013.06.19 20:08:19 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013.06.19 20:08:19 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013.06.19 20:08:18 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013.06.19 20:08:18 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013.06.19 20:08:18 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013.06.19 20:08:18 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013.06.19 20:08:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013.06.19 20:08:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013.06.19 20:08:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013.06.19 20:04:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013.06.19 20:00:53 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013.06.19 20:00:53 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013.06.19 20:00:53 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.19 20:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.19 20:00:53 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.19 20:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.19 20:00:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.19 20:00:52 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013.06.19 20:00:52 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013.06.19 20:00:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013.06.19 20:00:51 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013.06.19 20:00:51 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013.06.19 20:00:51 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013.06.19 20:00:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013.06.19 20:00:51 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013.06.19 20:00:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013.06.19 20:00:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013.06.19 20:00:50 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013.06.19 20:00:50 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013.06.19 20:00:50 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013.06.12 07:41:44 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d11.dll
[2013.06.12 07:41:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cryptdlg.dll
[2013.06.12 07:41:19 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certutil.exe
[2013.06.12 07:41:18 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\certenc.dll
[2013.06.12 07:41:05 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013.06.12 07:41:04 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013.06.12 07:41:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2013.06.12 07:41:01 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2013.06.12 07:41:00 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2013.05.29 00:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
========== Files - Modified Within 30 Days ==========
[2013.06.24 17:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PBG\Desktop\OTL.exe
[2013.06.24 17:09:03 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.24 17:08:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.24 15:00:40 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.06.24 15:00:39 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npdeployJava1.dll
[2013.06.24 15:00:39 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013.06.24 15:00:39 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.06.24 15:00:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.06.24 15:00:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.06.24 14:42:45 | 000,277,062 | ---- | M] () -- C:\Users\PBG\Desktop\ebay beispiel.png
[2013.06.22 21:45:18 | 000,158,420 | ---- | M] () -- C:\Users\PBG\Desktop\p1.png
[2013.06.22 18:36:30 | 000,659,632 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.06.22 18:36:30 | 000,621,474 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.06.22 18:36:30 | 000,132,668 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.06.22 18:36:30 | 000,109,050 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.06.22 18:36:09 | 000,000,195 | ---- | M] () -- C:\Users\PBG\Desktop\Clemens.vcf
[2013.06.22 09:43:04 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003UA.job
[2013.06.22 09:43:03 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-67750739-3866145124-1799724527-1003Core.job
[2013.06.22 09:42:53 | 000,000,366 | ---- | M] () -- C:\windows\tasks\Lyrics Fan Update.job
[2013.06.22 09:39:58 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 09:39:58 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.22 09:30:47 | 2136,231,936 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.22 09:16:27 | 000,648,201 | ---- | M] () -- C:\Users\PBG\Desktop\adwcleaner2303.exe
[2013.06.19 23:47:36 | 000,425,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.06.19 20:08:24 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsSpellCheckingFacility.exe
[2013.06.19 20:08:24 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\elshyph.dll
[2013.06.19 20:08:24 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013.06.19 20:08:23 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.06.19 20:08:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2013.06.19 20:08:23 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2013.06.19 20:08:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2013.06.19 20:08:23 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2013.06.19 20:08:23 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2013.06.19 20:08:23 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.06.19 20:08:22 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013.06.19 20:08:21 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013.06.19 20:08:21 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013.06.19 20:08:21 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2013.06.19 20:08:21 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013.06.19 20:08:21 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2013.06.19 20:08:21 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2013.06.19 20:08:20 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013.06.19 20:08:20 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013.06.19 20:08:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2013.06.19 20:08:20 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013.06.19 20:08:20 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2013.06.19 20:08:20 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2013.06.19 20:08:19 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2013.06.19 20:08:19 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2013.06.19 20:08:19 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2013.06.19 20:08:19 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2013.06.19 20:08:19 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2013.06.19 20:08:19 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013.06.19 20:08:18 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013.06.19 20:08:18 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmlmedia.dll
[2013.06.19 20:08:18 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013.06.19 20:08:18 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013.06.19 20:08:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013.06.19 20:08:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013.06.19 20:08:18 | 000,025,185 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2013.06.19 20:08:18 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013.06.19 20:04:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe
[2013.06.19 20:00:53 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msmpeg2vdec.dll
[2013.06.19 20:00:53 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2013.06.19 20:00:53 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2013.06.19 20:00:53 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.19 20:00:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.19 20:00:53 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.06.19 20:00:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.06.19 20:00:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.19 20:00:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.19 20:00:52 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013.06.19 20:00:52 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMPhoto.dll
[2013.06.19 20:00:52 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10core.dll
[2013.06.19 20:00:51 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013.06.19 20:00:51 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10.dll
[2013.06.19 20:00:51 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll
[2013.06.19 20:00:51 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2013.06.19 20:00:51 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WindowsCodecsExt.dll
[2013.06.19 20:00:51 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2013.06.19 20:00:50 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2013.06.19 20:00:50 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxgi.dll
[2013.06.19 20:00:50 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\UIAnimation.dll
[2013.06.18 15:12:34 | 000,660,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\PBG\Desktop\autoruns.exe
[2013.06.18 15:12:34 | 000,578,240 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\PBG\Desktop\autorunsc.exe
[2013.06.17 22:55:06 | 083,333,408 | ---- | M] () -- C:\Users\PBG\Desktop\Binauraler Beat auf 7,83Hz gleichbleibend.mp3
[2013.06.17 22:53:59 | 078,512,934 | ---- | M] () -- C:\Users\PBG\Desktop\20Hz auf 5Hz bei 100Hz - Wachträumen, Einschlafphase.mp3
[2013.06.16 09:10:07 | 000,001,992 | ---- | M] () -- C:\Users\PBG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2013.06.12 19:47:00 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013.06.12 19:47:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013.05.26 23:28:33 | 000,007,615 | ---- | M] () -- C:\Users\PBG\AppData\Local\Resmon.ResmonCfg
========== Files Created - No Company Name ==========
[2013.06.24 14:42:42 | 000,277,062 | ---- | C] () -- C:\Users\PBG\Desktop\ebay beispiel.png
[2013.06.22 21:45:17 | 000,158,420 | ---- | C] () -- C:\Users\PBG\Desktop\p1.png
[2013.06.22 18:36:09 | 000,000,195 | ---- | C] () -- C:\Users\PBG\Desktop\Clemens.vcf
[2013.06.22 09:39:23 | 000,049,518 | ---- | C] () -- C:\Users\PBG\Desktop\autoruns.chm
[2013.06.22 09:16:26 | 000,648,201 | ---- | C] () -- C:\Users\PBG\Desktop\adwcleaner2303.exe
[2013.06.19 20:59:01 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.06.19 20:55:11 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.06.19 20:08:18 | 000,025,185 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2013.06.17 22:54:17 | 083,333,408 | ---- | C] () -- C:\Users\PBG\Desktop\Binauraler Beat auf 7,83Hz gleichbleibend.mp3
[2013.06.17 22:53:07 | 078,512,934 | ---- | C] () -- C:\Users\PBG\Desktop\20Hz auf 5Hz bei 100Hz - Wachträumen, Einschlafphase.mp3
[2013.05.07 23:25:31 | 000,002,154 | ---- | C] () -- C:\Users\PBG\.recently-used.xbel
[2013.01.07 14:23:12 | 000,048,709 | ---- | C] () -- C:\Users\PBG\Desktop(1)
[2012.08.24 17:53:25 | 000,060,864 | ---- | C] () -- C:\Users\PBG\g2mdlhlpx.exe
[2012.05.07 22:14:12 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.05.07 22:14:12 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.05.07 22:14:12 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.05.07 22:14:12 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.05.07 22:14:12 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.03.03 02:28:49 | 000,008,192 | ---- | C] () -- C:\Users\PBG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 11:50:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.02.16 11:44:26 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2012.02.07 17:11:53 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2012.02.07 16:52:40 | 000,107,520 | RHS- | C] () -- C:\windows\System32\TAKDSDecoder.dll
[2011.11.10 22:22:31 | 000,007,615 | ---- | C] () -- C:\Users\PBG\AppData\Local\Resmon.ResmonCfg
[2011.04.11 20:32:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Code:
OTL Extras logfile created on: 24.06.2013 17:54:19 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PBG\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 29,46% Memory free
3,98 Gb Paging File | 1,74 Gb Available in Paging File | 43,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 5,19 Gb Free Space | 8,85% Space Free | Partition Type: NTFS
Drive D: | 159,19 Gb Total Space | 1,52 Gb Free Space | 0,95% Space Free | Partition Type: NTFS
Drive E: | 166,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PBG-PC | User Name: PBG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E3EE62-074A-4554-8104-539818ECCB7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{09D6FF63-BC87-41CD-8E59-25E3124624A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1DF2C742-21C4-45DC-BB66-90D0242D6FEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{30FE5A2E-F4B1-4C2B-83B4-60608A9A1DD8}" = rport=137 | protocol=17 | dir=out | app=system |
"{46300B63-5AF1-494F-87AD-6E2E4647C863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{522E7E17-D430-43AC-9987-08D86E89E5D7}" = lport=137 | protocol=17 | dir=in | app=system |
"{5D748ECB-6C94-448E-A52F-34978AB6D3BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B745C01-A532-46DC-819D-5E9A5263DA34}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6D66F89F-FA28-42BC-9A8D-7F1316B7168E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{743225AA-C8A5-41A6-B3C5-08A28B6F599F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79E7D639-3F8B-4D74-B72E-6F75436A93B6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7C742995-1D22-4C91-AE1F-503CD31341DC}" = rport=445 | protocol=6 | dir=out | app=system |
"{7E1CB3E8-1E91-4486-BC76-873579261841}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C235505-015C-4283-8FA3-C9CEAC384A13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{933D5EC7-D3C1-4A29-8791-8818EEEB72F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{947A64E1-5D71-46AB-838E-F0AA27E8926E}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BAE9C1A-D2F5-4CA6-9D5A-2A07C036F9A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7BD4502-A0A9-4201-BB8B-BC3118CBA47D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B09C8628-44C6-4686-840E-13EFD93CA5AC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D5D0C2A9-2651-4C33-99B2-554A30096C17}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E6BE3AD8-F6C6-459E-9EC2-7609E3B09E96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F918E0E3-B491-4BD6-8424-EC38F0ECA13C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FA00EE-922A-4014-A244-CFB2A577994A}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{0DD1E285-C564-4FDB-90BF-D58156C8F1BE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{200414BD-2E06-4095-B563-0519BB1CF93C}" = protocol=17 | dir=in | app=c:\program files\maxthon3\bin\maxthon.exe |
"{275A8DDB-D028-48DE-A16D-3699988AD88E}" = protocol=6 | dir=in | app=c:\program files\maxthon3\bin\mxup.exe |
"{3334901C-5CCC-425E-B6A3-868002B75A91}" = dir=out | app=%programfiles%\hotline miami\hotlinemiami.exe |
"{48EDBD94-2DCF-4F73-AF3A-2465053EE5BD}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{4E54E9F4-95BB-4437-B086-784156D1AFB6}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\mxup.exe |
"{4EE9B896-8910-4ADF-A0F3-E55900E2685D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58B2E91B-6B8E-44B0-9EA0-7B8078A17BC2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5DFCF162-F4E0-4566-84BD-53A0403DB0A1}" = protocol=6 | dir=in | app=c:\program files\maxthon3\bin\maxthon.exe |
"{61E8AF8B-594A-4169-BAAC-EE129CD19D62}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{691CE798-0C51-4892-9EDE-294733B56106}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{76968DC1-C970-4688-82ED-71A373679C3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{805E39D3-58FE-4B43-915C-E105D159B2B2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{80757DC3-3E25-425B-B9BB-C9DF2A390F7F}" = protocol=17 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{9903CCF4-5E71-49A0-826B-C1FBE4BB9FAA}" = protocol=6 | dir=in | app=c:\program files\maxthon\bin\maxthon.exe |
"{9AE7E7CD-E90A-492B-B33B-64B35DD4E0DB}" = protocol=6 | dir=in | app=c:\program files\metatrader 5 - alpari\metatester.exe |
"{AA24E64F-5A52-4CB5-9AA7-D9F1FC3E74FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B725076A-129E-492F-A564-D8645705B778}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{BB695BCC-61AC-4425-A9B6-0CB32FD18A0A}" = protocol=17 | dir=in | app=c:\program files\maxthon3\bin\mxup.exe |
"{C0BEB2EF-5E89-4698-A617-71F30FEBDB19}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{C78B1FBB-3F30-4C81-AABD-7B97C6BF24EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5719D84-C6BB-4908-A327-4AB1B7B2DFE3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FE87A871-1910-4CC0-B676-D0C31A898263}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{015ED4F0-8D8A-483C-BD21-958508BE43E0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{0706EE83-D40B-478D-887D-EB4F6DC7BAFD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{28CB5DD5-24FD-4D51-B02B-7ECE890F2486}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{2E106A86-D30F-4FB7-A840-C65BAAAA5913}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{32F120E4-95E8-4BB0-981E-47F859E5D0ED}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{4FA6306F-2ED4-48E9-A800-B8AAAA2E1E82}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D317F58F-8BB7-4F8F-9832-89826FA52412}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D610ECA5-AE3D-4384-BA6F-8131F8588BB0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FECC1507-1194-4D16-8D06-80928BBD12D7}C:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\jdownloader\jdownloader 2\jdownloader 2.exe |
"UDP Query User{0B7E0FAD-D65D-4CFB-BC3B-487C5457E0A5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{642B2582-180B-4B6B-A58B-996777DB62B3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7F412BA4-AB45-4F7D-B5D9-0F46A2C58FE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A33075DB-EA3E-4DC4-8A78-83B0C4EC7A18}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B4345884-9A67-4546-95FC-0B4F3209DE8E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{D5DD46D9-0583-4C9B-BF84-B9F53ACB6358}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E770D10A-A8E6-482D-93B6-3D3B63646B0B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{F520966C-41CA-4103-9434-E84223F11223}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FEA4A88C-2C7B-4984-93C5-B7F58B42AC1D}C:\jdownloader\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\jdownloader\jdownloader 2\jdownloader 2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27979F37-AF9C-33DE-8437-76F7AEFAABAD}" = Google Talk Plugin
"{27A34859-3E29-438B-BBF6-19BDC6CA9C06}" = Samsung HSPA DataCard 4.3.29.7814
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAD9D0F-567C-4F8C-A0DA-1AB5B1243F68}_is1" = Web Stream Recorder
"{8C825992-6005-42DF-8836-8A42B23D2FFA}" = Internet Explorer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"0630-0716-3135-7887" = JDownloader 2
"5513-1208-7298-9440" = JDownloader 0.9
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 9.20
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Aurora 15.0a2 (x86 en-US)" = Aurora 15.0a2 (x86 en-US)
"Avira AntiVir Desktop" = Avira Free Antivirus
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2012-12-30
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.3.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"GSpot" = GSpot Codec Information Appliance
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"Kill-ID für Chrome_is1" = Kill-ID 1.2.4.0 für Chrome
"LAME_is1" = LAME v3.99.3 (for Windows)
"Live Usb Helper" = Live Usb Helper 0.0.8
"lrcfan@fansoft.br" = Lyrics Fan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Maxthon3" = Maxthon 3
"MetaTrader - Alpari UK" = MetaTrader - Alpari UK
"MetaTrader 5 - Alpari" = MetaTrader 5 - Alpari
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiPony" = MiPony 2.0.5
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"No23 Recorder" = No23 Recorder
"Opera 12.02.1578" = Opera 12.02
"Orbit_is1" = Orbit Downloader
"Personal Backup 5_is1" = Personal Backup 5.3
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Recuva" = Recuva
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Task Manager" = Security Task Manager 1.8d
"Smart Data Recovery_is1" = Smart Data Recovery v4.4
"Software Informer_is1" = Software Informer 1.2 RC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.6
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.1
"WinCDEmu" = WinCDEmu
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-67750739-3866145124-1799724527-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9685f12c5b9c1b15" = FxPro cTrader
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.4.0.1083
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.08.2012 12:28:40 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.08.2012 12:30:07 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.08.2012 12:41:13 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\metatrader
5 - alpari\metatester64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.08.2012 12:46:11 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\WinCDEmu\vmnt64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 30.08.2012 12:41:25 | Computer Name = PBG-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.60.1185.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5d4 Startzeit:
01cd863e2c567d0e Endzeit: 224 Anwendungspfad: C:\Program Files\Opera\opera.exe Berichts-ID:
65557ffd-f2c1-11e1-bc6d-cebdabe59d30
Error - 03.09.2012 11:53:37 | Computer Name = PBG-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 11.60.1185.0,
Zeitstempel: 0x4edc8864 Name des fehlerhaften Moduls: Opera.dll, Version: 11.60.1185.0,
Zeitstempel: 0x4edc974c Ausnahmecode: 0x40000015 Fehleroffset: 0x003634cc ID des fehlerhaften
Prozesses: 0x228 Startzeit der fehlerhaften Anwendung: 0x01cd89e7fa0632a4 Pfad der
fehlerhaften Anwendung: C:\Program Files\Opera\opera.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Opera\Opera.dll Berichtskennung: 85a547d3-f5df-11e1-bd70-aed4aee6d423
Error - 03.09.2012 11:55:48 | Computer Name = PBG-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 11.60.1185.0,
Zeitstempel: 0x4edc8864 Name des fehlerhaften Moduls: Opera.dll, Version: 11.60.1185.0,
Zeitstempel: 0x4edc974c Ausnahmecode: 0x40000015 Fehleroffset: 0x003634cc ID des fehlerhaften
Prozesses: 0x1344 Startzeit der fehlerhaften Anwendung: 0x01cd89ec5383b22f Pfad der
fehlerhaften Anwendung: C:\Program Files\Opera\opera.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Opera\Opera.dll Berichtskennung: d3b63c24-f5df-11e1-bd70-aed4aee6d423
Error - 03.09.2012 11:57:33 | Computer Name = PBG-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 11.60.1185.0,
Zeitstempel: 0x4edc8864 Name des fehlerhaften Moduls: Opera.dll, Version: 11.60.1185.0,
Zeitstempel: 0x4edc974c Ausnahmecode: 0x40000015 Fehleroffset: 0x003634cc ID des fehlerhaften
Prozesses: 0x1144 Startzeit der fehlerhaften Anwendung: 0x01cd89eca13e247c Pfad der
fehlerhaften Anwendung: C:\Program Files\Opera\opera.exe Pfad des fehlerhaften Moduls:
C:\Program Files\Opera\Opera.dll Berichtskennung: 126c6c18-f5e0-11e1-bd70-aed4aee6d423
Error - 05.09.2012 04:32:58 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 05.09.2012 04:35:30 | Computer Name = PBG-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 22.06.2013 03:32:28 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 22.06.2013 03:33:03 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 22.06.2013 03:33:30 | Computer Name = PBG-PC | Source = DCOM | ID = 10005
Description =
Error - 22.06.2013 03:33:30 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 22.06.2013 10:43:28 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 22.06.2013 12:20:47 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst IPBusEnum erreicht.
Error - 23.06.2013 02:17:18 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 23.06.2013 14:34:13 | Computer Name = PBG-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 24.06.2013 02:24:24 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 24.06.2013 11:08:50 | Computer Name = PBG-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst IPBusEnum erreicht.
< End of report >