Plagegeister aller Art und deren Bekämpfung: Windows 7 black screen with mouse after booting
31.10.2012, 15:31 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download aswMBR.exe and save the file to your desktop. Note: Please switch off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
31.10.2012, 15:50 | #17 |
| OK, will do.
I'll post it tomorrow ... Can you already say anything? How many more scan programs are there? :-) Regards, dz |
31.10.2012, 18:44 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That can't be said in general, and it takes longer the more time you take over it!
__________________ |
01.11.2012, 18:37 | #19 |
| I'll try to post faster ...

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-01 17:50:33
-----------------------------
17:50:33.291 OS Version: Windows x64 6.1.7601 Service Pack 1
17:50:33.291 Number of processors: 2 586 0x100
17:50:33.291 ComputerName: DERNEUSTE-PC UserName: derneuste
17:50:37.902 Initialize success
17:54:07.794 AVAST engine defs: 12110100
17:55:02.391 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
17:55:02.391 Disk 0 Vendor: ST310005 JC4B Size: 953869MB BusType: 11
17:55:02.407 Disk 0 MBR read successfully
17:55:02.407 Disk 0 MBR scan
17:55:02.407 Disk 0 Windows 7 default MBR code
17:55:02.422 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 478886 MB offset 2048
17:55:02.438 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 249999 MB offset 980760576
17:55:02.454 Disk 0 Partition - 00 0F Extended LBA 209623 MB offset 1492760576
17:55:02.469 Disk 0 Partition 3 80 (A) 27 Hidden NTFS WinRE NTFS 15358 MB offset 1922068480
17:55:02.500 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 209622 MB offset 1492762624
17:55:02.532 Disk 0 scanning C:\windows\system32\drivers
17:55:10.344 Service scanning
17:55:26.167 Modules scanning
17:55:26.667 Disk 0 trace - called modules:
17:55:26.683 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
17:55:26.683 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042f3790]
17:55:26.699 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa8003ec86c0]
17:55:26.699 5 amd_xata.sys[fffff8800114ea1d] -> nt!IofCallDriver -> [0xfffffa8003ec8e40]
17:55:26.714 7 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\00000055[0xfffffa8003e7d350]
17:55:37.559 AVAST engine scan C:\windows
17:55:40.470 AVAST engine scan C:\windows\system32
17:55:41.290 Disk 0 MBR has been saved successfully to "C:\Users\derneuste\Desktop\MBR.dat"
17:58:03.331 AVAST engine scan C:\windows\system32\drivers
17:58:12.865 AVAST engine scan C:\Users\derneuste
18:00:18.433 AVAST engine scan C:\ProgramData
18:00:45.820 Scan finished successfully
18:36:01.297 Disk 0 MBR has been saved successfully to "C:\Users\derneuste\Desktop\MBR.dat"
18:36:01.313 The log file has been saved successfully to "C:\Users\derneuste\Desktop\aswMBR.txt"

but I can usually only do it in the evening. I would like to thank you once again for your efforts... Regards and thanks to Cosinus - der Zapfer |
03.11.2012, 00:40 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Also unremarkable. Looks OK, a check with OTL please:
If possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
03.11.2012, 03:00 | #21 |
| Code:
Hello World
Code:
OTL logfile created on: 03.11.2012 01:36:59 - Run 1 OTL by OldTimer - Version 3.2.69.0
C:\windows\SysNative\wow64.dll [2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes [2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 ========== Files - Modified Within 30 Days ========== [2012.11.03 01:12:54 | 000,001,460 | ---- | M] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk [2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 21:01:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.02 21:01:50 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys [2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2012.10.29 22:30:33 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI [2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url [2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url [2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP [2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe ========== Files Created - No Company Name ========== [2012.11.03 01:12:54 | 000,001,460 | ---- | C] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk [2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat [2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url [2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP [2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll [2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe [2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll [2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe [2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll [2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss [2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll [2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini [2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI [2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat [2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI [2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg [2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.12.14 07:53:04 | 000,204,960 | ---- | 
C] () -- C:\windows\SysWow64\ativvsvl.dat [2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

Code:
OTL Extras logfile created on: 03.11.2012 01:36:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 49,68% Memory free
6,99 Gb Paging File | 5,23 Gb Available in Paging File | 74,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 334,08 Gb Free Space | 71,44% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,92 Gb Free Space | 72,06% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,69 Gb Free Space | 24,76% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 13,74 Gb Free Space | 7,38% Space Free | Partition Type: FAT32

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1" Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1" Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1" Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1" Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system | "{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system | "{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system | "{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system | "{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system | "{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system | "{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system | "{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system | "{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system | "{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system | "{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system | "{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A568008-57FB-463F-868A-78AB41098F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system | "{458969DF-C637-432A-A179-ECDBA5837111}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{7285B9F4-12A6-49C2-A053-918CD824AAD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | "{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe | "{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | "{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{F2C64FFC-50AE-480A-86E0-1B36E6960748}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector 
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2 "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller "{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common "{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish "{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French "{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All "{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = 
CCC Help German "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Album Art Downloader XUI" = Album Art Downloader XUI 0.43 "Album Cover Finder_is1" = Album Cover Finder v.7.1.3 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "avast" = avast! Free Antivirus "Avira AntiVir Desktop" = Avira Free Antivirus "CDex" = CDex - Open Source Digital Audio CD Extractor "DMEXMENU" = DMEX Menu Extention (Uninstall only) "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "imeshtoolbar2" = Search-Results Toolbar "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaMonkey_is1" = MediaMonkey 4.0 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "PROPLUS" = Microsoft Office Professional Plus 2007 "SopCast" = SopCast 3.5.0 "TagScanner_is1" = TagScanner 5.1.607 "TreeSize Professional_is1" = TreeSize Professional V5.5.5 "Virtual DJ Home Edition - Atomix 
Productions" = Virtual DJ Home Edition - Atomix Productions "WinLiveSuite" = Windows Live Essentials "xp-AntiSpy" = xp-AntiSpy 3.98-1 "Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.10.2012 01:22:57 | Computer Name = derneuste-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 34 Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c. Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x8007043c). 
Error - 18.10.2012 15:41:02 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 18.10.2012 18:50:05 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc2c6 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x9cc Startzeit der fehlerhaften Anwendung: 0x01cdad82e9a7cddf Pfad der fehlerhaften Anwendung: C:\windows\system32\DrvInst.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 284088ad-1976-11e2-8f7a-50e54953e126 Error - 18.10.2012 18:51:12 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 18.10.2012 18:52:39 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel: 0x4ca242ed Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e21213c Ausnahmecode: 0xe0434f4d Fehleroffset: 0x000000000000cacd ID des fehlerhaften Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01cdad833d59bca1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: 839cccea-1976-11e2-8f7a-50e54953e126 Error - 21.10.2012 12:33:19 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. [ OSession Events ] Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.10.2012 21:47:31 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst 
"Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report >
I hope you can do something with this. Many thanks for your effort and patience. Regards, Derzapfer |
03.11.2012, 16:56 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 black screen with mouse after booting Code:
ATTFilter Scan Mode: Current user
__________________ Please always post log files in CODE tags |
04.11.2012, 17:22 | #23 |
| Windows 7 black screen with mouse after booting Hello Cosinus, the things you notice ... Here we go again. Everything should be right now ... Regards and have a nice Sunday, Derzapfer Code:
ATTFilter OTL logfile created on: 04.11.2012 16:50:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free 6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32 Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32 Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\derneuste\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (avast! 
Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation) DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation) DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE - 
HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{40FCBC03-113D-4A4E-9A0D-771855886A78}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502 IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms} IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_ptnrs=^ABT&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M] [2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions [2012.11.04 14:34:23 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions [2012.11.04 13:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.04 14:36:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com [2012.11.04 14:36:48 | 000,002,413 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\askcom.xml [2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\Search_Results.xml [2012.09.25 19:40:20 | 000,003,915 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\sweetim.xml [2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.18 19:39:53 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION [2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc) O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.04 14:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.04 14:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.11.04 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.11.04 14:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.11.04 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.11.03 23:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt
[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software
[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software
[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}
[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings
[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.10.13 11:48:38 | 000,000,000 | ---D 
| C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes [2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 ========== Files - Modified Within 30 Days ========== [2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.04 15:55:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.04 15:55:16 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys [2012.11.04 04:46:12 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI [2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url [2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url [2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP [2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe ========== Files Created - No Company Name ========== [2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat [2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url [2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP [2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll [2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe [2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll [2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe [2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll [2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss [2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll [2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini [2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI [2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat [2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI [2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg [2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.12.14 07:53:04 | 000,204,960 | ---- | 
C] () -- C:\windows\SysWow64\ativvsvl.dat
[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

Code:
OTL Extras logfile created on: 04.11.2012 16:50:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free
6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS
Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS
Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32
Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1" Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1" Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1" Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1" Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system | "{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system | "{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system | "{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system | "{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system | "{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system | "{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system | "{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system | "{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system | "{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system | "{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system | "{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | 
app=%systemroot%\system32\svchost.exe | "{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system | "{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | "{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe | "{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | "{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query 
User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | "UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64 "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2 "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common "{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish "{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French "{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All "{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows 
Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Album Art Downloader XUI" = Album Art Downloader XUI 
0.43 "Album Cover Finder_is1" = Album Cover Finder v.7.1.3 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "avast" = avast! Free Antivirus "Avira AntiVir Desktop" = Avira Free Antivirus "CDex" = CDex - Open Source Digital Audio CD Extractor "DMEXMENU" = DMEX Menu Extention (Uninstall only) "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "imeshtoolbar2" = Search-Results Toolbar "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaMonkey_is1" = MediaMonkey 4.0 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "PROPLUS" = Microsoft Office Professional Plus 2007 "Security Task Manager" = Security Task Manager 1.8d "SopCast" = SopCast 3.5.0 "TagScanner_is1" = TagScanner 5.1.607 "TreeSize Professional_is1" = TreeSize Professional V5.5.5 "Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions "WinLiveSuite" = Windows Live Essentials "xp-AntiSpy" = xp-AntiSpy 3.98-1 "Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" 
(WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 21.10.2012 12:52:39 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 21.10.2012 12:57:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 21.10.2012 13:03:05 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100 Description = Error - 21.10.2012 13:45:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10 Description = Error - 21.10.2012 13:48:38 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "??A ". 
Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 21.10.2012 16:07:27 | Computer Name = derneuste-PC | Source = Windows Backup | ID = 4104 Description = [ OSession Events ] Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control 
Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 30.10.2012 13:32:14 | Computer Name = derneuste-PC | Source = WMPNetworkSvc | ID = 866300 Description = < End of report > |
05.11.2012, 10:05 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 black screen with mouse after booting
Code:
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
Please don't do this under any circumstances; Avast and AntiVir will get in each other's way sooner or later. Always use only one virus scanner with a background guard, and no more! If you want to get additional "opinions", use Malwarebytes Free or the ESET Online Scanner. Please uninstall one of the two immediately! I would recommend that you keep Avast. Why did you install Avira to E: anyway? What advantage is installing programs somewhere else supposed to bring?
Otherwise the log is now unremarkable so far. But we should still remove toolbars/adware. After uninstalling the superfluous virus scanner, please run adwCleaner:
adwCleaner - Detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
05.11.2012, 11:58 | #25 |
| Windows 7 black screen with mouse after booting
Hello Cosinus, over the last few days/weeks I have run my (Avira) virus scanner over the system again and again. Without any findings. All the tools from you kept finding something. That shrank my trust in Avira, and I had a look around at Avast. Now Avast runs completely over the system almost every day. I was already going to uninstall Avira, but I saw a setting in Avast (which I didn't know about until now) that allows a parallel installation of two antivirus programs. And it can't hurt for testing... so my theory went. I will uninstall Avira, follow your ESET/Malwarebytes advice and keep Avast.
I have partitioned my hard disks so that I have the OS and OS-related programs on C, data on D and the remaining programs on E. For the sake of clarity ....
PS: To be on the safe side I bought a large Intenso (1TB) so that, once the system is finally virus-free, I have all irreplaceable data and all subsequent backups on one disk. Unfortunately the Windows system does not recognize the hard disk, nor, as of yesterday, various USB sticks, or rather it cannot install the drivers. Can that have something to do with the viruses?
Regards and many thanks again. I'll get back to you when I have done that with Avira and adwCleaner... |
05.11.2012, 13:43 | #26 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 black screen with mouse after booting
Quote:
That is rather more chaos when part of the programs is on C and another part is on D or E. In addition, every installed program writes something to the system partition anyway, no matter where you install it. Should you ever have to reinstall Windows and format only C, you can't use the programs that were installed on the other drives back then anyway; they have to be reinstalled.
Quote:
No drivers are needed for external USB disks. Check whether the new USB disk is listed in Disk Management; if so, make sure that it is also partitioned and formatted (NTFS) and that a drive letter is assigned.
05.11.2012, 14:42 | #27 |
| Windows 7 black screen with mouse after booting
Hello Cosinus, regarding installed programs I absolutely agree with you. The unevenly distributed disk space on my partitions has also already made me rethink this layout. But programs that do not write themselves into the registry should still run from E after formatting C, if I paid proper attention in class back then..., right?
The hard disk and various sticks do not show up anywhere, neither in the management console nor in Windows Explorer. Assigning a drive letter or formatting was therefore not possible. I also tried both plugs of the Y cable, no success. Today I tried other PCs (1x XP and 2x Win 7); device drivers were installed and the hard disk was accessible and visible... So it is not the hard disk ...
Do you think I can back up my system completely (once it finally works with the new disk), reinstall Windows and restore everything, without copying a virus from the backup onto the system again?
Regards, Derzapfer |
05.11.2012, 15:22 | #28 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 black screen with mouse after booting
Quote:
That would ONLY make sense if you are sure that a program folder on the non-system partition is populated purely with portable apps.
Quote:
05.11.2012, 16:28 | #29 |
| Windows 7 black screen with mouse after booting
Hi Cosinus, will do ... I'll get back to you as soon as possible, once I have found the chipset and motherboard info so that I can install the drivers. Thanks and regards, Derzapfer
Hi Cosinus, what does the world now know about me and my PC after all these posts? (I have the feeling that, unknowing and naive, I have dropped my trousers)
Code:
# AdwCleaner v2.006 - Datei am 05/11/2012 um 18:47:55 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx- xxx
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\derneuste\Desktop\Virensuchprogramme zT alt\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\Search_Results.xml
Datei Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\searchplugins\SweetIm.xml
Datei Gefunden : C:\Users\derneuste\Desktop\Search The Web.url
Datei Gefunden : C:\Users\derneuste\Desktop\sweetpcfix.url
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\DERNEU~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\derneuste\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Users\derneuste\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Itunes_Juliana\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\APN DTX
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BFF6B2CA-366C-4A90-B685-D87776DEB0D2}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.imesh.net
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\derneuste\AppData\Roaming\Mozilla\Firefox\Profiles\rnt99qkn.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2");
Gefunden : user_pref("extensions.asktb.cbid", "^ABT");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2012.11.04+05.33.31-toolbar009iad-DE-RG9ydG11bmQsR2VybWFueQ%3D%[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&gct=[...]
Gefunden : user_pref("extensions.asktb.first-restart-after-config-update", true);
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "44a357d9-393a-40f1-b0d6-cd7765c20ae9");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1352137545356");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Dortmund,Germany");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "APN10395");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "8B05E438-3C3B-4CAF-9782-6361CCDB8502");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "04.11.2012 14:34:27");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.4.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.4.23930");
Gefunden : user_pref("extensions.enabledAddons", "{1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0,wrc@avast.com:7.0.[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Profilname : default
Datei : C:\Users\Itunes_Juliana\AppData\Roaming\Mozilla\Firefox\Profiles\33wl3otb.default\prefs.js
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\kpdwgzwt.default\prefs.js
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
*************************
AdwCleaner[R1].txt - [11934 octets] - [05/11/2012 18:47:55]
########## EOF - C:\AdwCleaner[R1].txt - [11995 octets] ##########
PS: When are we actually going to delete the programs and viruses that were found? |
06.11.2012, 10:23 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 black screen with mouse after booting
Quote:
The other logs were unremarkable, so what is there to delete? And you only just posted the adwCleaner log!
adwCleaner - Remove toolbars and unwanted start/search pages