Log analysis and evaluation: VLC player changed browser start page to startfenster.com (Windows 7)
25.12.2012, 15:14 | #1 |
VLC player changed browser start page to startfenster.com

Hello everyone, I had problems updating the VLC player. After that I uninstalled it and downloaded and installed version 2.0.4, unfortunately from www.vlc.de/. Now I have no idea whether Startfenster.com is a Trojan or not. I ran OTL.exe and am now posting the two log files in my thread:

OTL logfile created on: 12/25/2012 1:47:15 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni Zbinden\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free 3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 46.27 Gb Free Space | 54.43% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 126.10 Gb Free Space | 98.68% Space Free | Partition Type: NTFS Computer Name: TONIS-NETBOOK | User Name: Toni Zbinden | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/25 13:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe PRC - [2012/12/25 10:40:27 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012/12/17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/12/14 10:17:03 | 009,876,472 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe PRC - [2012/12/14 10:08:24 | 000,190,968 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012/10/11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe PRC - [2012/10/10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/10/26 22:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe PRC - [2010/07/30 11:40:54 | 000,090,112 | ---- | M] (Clarus, Inc.) 
-- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe PRC - [2010/06/22 13:29:28 | 000,098,304 | ---- | M] () -- C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe PRC - [2010/06/17 15:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe PRC - [2010/06/08 08:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/06/03 03:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/04/07 19:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/03/25 20:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe ========== Modules (No Company Name) ========== MOD - [2012/12/25 10:40:26 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/05/30 16:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\wincfi39.dll MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/06/22 13:29:28 | 000,098,304 | ---- | M] () -- C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012/12/25 11:32:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/25 10:40:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/10/11 04:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe -- (NCO) SRV - [2012/10/10 19:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program 
Files\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe -- (NAV) SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012/08/23 13:59:56 | 000,701,288 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Toni Zbinden\AppData\Local\Temp\7zS3571\hpslpsvc32.dll -- (HPSLPSVC) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/10/26 22:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar) SRV - [2010/07/30 11:40:54 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST) SRV - [2010/06/17 15:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager) SRV - [2010/04/07 19:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp) DRV - [2012/11/09 16:44:06 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\IPSDefs\20121222.001\IDSvix86.sys -- (IDSVix86) DRV - [2012/11/01 23:45:29 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/11/01 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121224.025\NAVEX15.SYS -- (NAVEX15) DRV - [2012/11/01 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\VirusDefs\20121224.025\NAVENG.SYS -- (NAVENG) DRV - [2012/10/24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86) DRV - [2012/10/08 18:00:02 | 000,586,400 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\srtsp.sys -- (SRTSP) DRV - [2012/10/04 03:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD02000.012\ccSetx86.sys -- (ccSet_NST) DRV - [2012/10/03 18:40:36 | 000,927,904 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] 
-- C:\Windows\System32\drivers\NAV\1402000.013\SymEFA.sys -- (SymEFA) DRV - [2012/10/03 18:40:20 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\SymDS.sys -- (SymDS) DRV - [2012/10/03 18:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\ccSetx86.sys -- (ccSet_NAV) DRV - [2012/09/06 19:05:14 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\symnets.sys -- (SymNetS) DRV - [2012/09/06 18:48:08 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\Ironx86.sys -- (SymIRON) DRV - [2012/09/06 18:40:52 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1402000.013\srtspx.sys -- (SRTSPX) DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012/08/19 12:20:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/08/19 12:20:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/09/28 17:03:06 | 000,061,312 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys 
-- (UsbserFilt) DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/05/18 09:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/05/18 09:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2011/01/27 19:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/05 23:03:48 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport) DRV - [2010/07/08 09:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2010/06/17 16:09:04 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser) DRV - [2010/06/14 14:14:48 | 000,064,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mvd21.sys -- (mvd21) DRV - [2010/03/18 16:24:34 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys -- (mdf15) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand 
| Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 17:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2009/06/17 17:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/08 14:41:32 | 000,140,832 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE 
- HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/ IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes,DefaultScope = {E7D23707-11E5-4A4E-83AD-EFE288C0B30E} IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2117678 IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\..\SearchScopes\{E7D23707-11E5-4A4E-83AD-EFE288C0B30E}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKU\S-1-5-21-1076387279-2608573375-2991349267-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com" FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: 
{c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.2.0.19\IPSFFPlgn\ [2012/11/11 06:49:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2012/12/25 11:44:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/25 10:40:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/02 19:25:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/09/30 09:32:48 | 000,000,000 | ---D | M] [2011/01/03 00:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni 
Zbinden\AppData\Roaming\mozilla\Extensions [2012/12/25 10:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\Firefox\Profiles\eywv22kj.default\extensions [2011/06/05 11:24:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\Firefox\Profiles\eywv22kj.default\extensions\engine@conduit.com [2012/12/25 10:38:44 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\firefox\profiles\eywv22kj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011/01/17 14:40:58 | 000,000,909 | ---- | M] () -- C:\Users\Toni Zbinden\AppData\Roaming\mozilla\firefox\profiles\eywv22kj.default\searchplugins\conduit.xml [2012/04/09 16:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/25 10:40:28 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/12 14:47:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012/12/25 10:40:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/12/25 10:40:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/12/25 10:40:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/12/25 10:40:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/12/25 10:40:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/12/25 10:40:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [ModemListener] C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe () O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) 
O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [] File not found O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1076387279-2608573375-2991349267-1000..\Run: [Remote Control Editor] "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.koch.ch/Katalog/smsx.cab (MeadCo ScriptX) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{468F1D40-86A8-462E-91C0-6F7815098840}: DhcpNameServer = 212.60.61.246 212.60.63.246 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0654CE-56F1-4980-B57C-8D7BDE734E0A}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell - "" = AutoRun O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\configure\command - "" = E:\setup.exe O33 - MountPoints2\{48f594b6-f414-11e0-854e-002454ea03f6}\Shell\install\command - "" = E:\setup.exe O33 - MountPoints2\{ba8be99b-0dd7-11e0-8ee1-001bb166b6a2}\Shell - "" = AutoRun O33 - MountPoints2\{ba8be99b-0dd7-11e0-8ee1-001bb166b6a2}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: ModemListener - hkey= - key= - C:\Program Files\Sunrise T@KE AWAY\ModemListener.exe () MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) MsConfig - StartUpReg: start_sunrise volumecounter - hkey= - key= - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse 
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/25 13:43:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe [2012/12/25 12:36:22 | 000,000,000 | ---D | C] -- C:\Users\Toni Zbinden\Doctor Web [2012/12/25 10:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/12/25 10:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/12/25 10:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/12/25 10:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/12/25 10:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/12/25 10:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/12/02 19:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/12/02 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2012/12/25 13:49:01 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/25 13:49:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/25 13:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni Zbinden\Desktop\OTL.exe [2012/12/25 13:32:18 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/12/25 12:33:15 | 107,296,720 | ---- | M] () -- C:\Users\Toni Zbinden\Desktop\zgb5zjh2.exe [2012/12/25 11:55:11 | 000,001,198 | ---- | M] () -- C:\Users\Toni Zbinden\Desktop\Startfenster.lnk [2012/12/25 11:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/25 11:52:09 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/25 
11:44:22 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012/12/25 11:43:58 | 000,453,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/12/25 11:43:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/25 11:43:00 | 2136,260,608 | -HS- | M] () -- C:\hiberfil.sys [2012/12/25 10:48:34 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/12/02 19:25:12 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/28 05:33:40 | 000,699,566 | ---- | M] () -- C:\windows\System32\perfh010.dat [2012/11/28 05:33:40 | 000,674,544 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/11/28 05:33:40 | 000,633,294 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/11/28 05:33:40 | 000,140,076 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/11/28 05:33:40 | 000,132,426 | ---- | M] () -- C:\windows\System32\perfc010.dat [2012/11/28 05:33:40 | 000,114,536 | ---- | M] () -- C:\windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012/12/25 12:31:53 | 107,296,720 | ---- | C] () -- C:\Users\Toni Zbinden\Desktop\zgb5zjh2.exe [2012/12/25 11:55:11 | 000,001,198 | ---- | C] () -- C:\Users\Toni Zbinden\Desktop\Startfenster.lnk [2012/12/25 11:28:49 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2012/12/25 10:48:34 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/12/02 19:25:12 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/11/11 20:59:18 | 000,009,042 | ---- | C] () -- C:\Users\Toni Zbinden\SunriseTVKonfiguration.pdf [2012/09/29 15:57:27 | 000,008,704 | ---- | C] () -- C:\windows\System32\CNMVS79.DLL [2012/09/08 07:58:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/08/19 13:52:00 | 000,335,478 | ---- | C] () -- C:\windows\System32\perfi010.dat [2012/08/19 13:51:59 | 000,699,566 | ---- | C] () -- 
C:\windows\System32\perfh010.dat [2012/08/19 13:51:59 | 000,132,426 | ---- | C] () -- C:\windows\System32\perfc010.dat [2012/08/19 13:51:59 | 000,037,534 | ---- | C] () -- C:\windows\System32\perfd010.dat [2012/01/18 21:43:44 | 000,007,605 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\Resmon.ResmonCfg [2011/10/11 20:04:22 | 000,000,100 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\fusioncache.dat [2011/07/29 05:06:24 | 000,140,832 | R--- | C] () -- C:\windows\System32\drivers\USB_0064.sys [2011/01/07 12:11:46 | 000,038,912 | ---- | C] () -- C:\windows\System32\FirmwareRecovery.exe [2011/01/04 13:17:12 | 000,237,637 | ---- | C] () -- C:\windows\System32\nbt.exe [2010/12/24 01:20:35 | 000,003,584 | ---- | C] () -- C:\Users\Toni Zbinden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/23 09:48:04 | 000,001,024 | ---- | C] () -- C:\Users\Toni Zbinden\.rnd [2010/12/22 07:32:33 | 000,015,428 | ---- | C] () -- C:\Users\Toni Zbinden\RefEdit.exd [2010/12/21 00:31:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/03/23 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Canneverbe Limited [2011/03/23 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DeepBurner [2011/03/14 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Duden [2011/03/28 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DVDVideoSoft [2011/05/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\GetRightToGo [2010/12/30 09:23:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Leadertech [2011/09/30 15:15:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia [2011/09/30 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia Ovi Suite [2011/11/01 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\PC Suite [2012/09/27 09:12:14 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TeamViewer [2011/11/19 11:25:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TerraTec [2011/01/13 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Tific ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011/05/12 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Adobe [2012/03/12 12:47:07 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Apple Computer [2011/03/14 08:41:57 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Brother [2011/03/23 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Canneverbe Limited [2011/03/23 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DeepBurner [2011/03/14 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Duden [2011/10/25 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\dvdcss [2011/03/28 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\DVDVideoSoft [2011/05/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\GetRightToGo [2012/09/08 08:18:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\HpUpdate [2010/12/21 00:49:25 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Identities [2011/06/24 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\InstallShield [2010/12/30 09:23:04 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Leadertech [2011/12/27 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Logishrd [2011/12/27 17:34:52 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Logitech [2010/12/20 21:13:54 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Macromedia [2012/12/10 18:21:48 | 000,000,000 | --SD | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft [2011/01/03 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Mozilla [2011/02/15 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\NCH Software [2010/12/31 07:54:45 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nero [2011/09/30 15:15:04 | 
000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia [2011/09/30 15:15:08 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Nokia Ovi Suite [2011/11/01 12:46:51 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\PC Suite [2011/02/16 22:20:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Real [2010/12/23 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Skype [2012/09/27 09:12:14 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TeamViewer [2011/11/19 11:25:18 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\TerraTec [2011/01/13 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Toni Zbinden\AppData\Roaming\Tific < %APPDATA%\*.exe /s > [2011/03/14 10:47:51 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\ARPPRODUCTICON.exe [2011/03/14 10:47:51 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe [2011/03/14 10:47:51 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut2_D216F3B2761946D6B253BD0528BFB287.exe [2011/03/14 10:47:51 | 000,073,728 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe [2011/03/14 10:47:51 | 000,069,632 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3DAE6568-A917-4CE5-A26A-73CDBFC50A24}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe [2010/12/30 10:27:18 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* > [2012/07/30 19:04:48 | 000,000,174 | -HS- | M] () -- C:\Users\Toni Zbinden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini < %APPDATA%\*AcroIEH*.* > < %APPDATA%\*.exe > < %APPDATA%\*.tmp > ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643 < End of report > OTL Extras: OTL Extras logfile created on: 12/25/2012 1:47:15 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Toni Zbinden\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.67% Memory free 3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 46.27 Gb Free Space | 54.43% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 126.10 Gb Free Space | 98.68% Space Free | Partition Type: NTFS Computer Name: TONIS-NETBOOK | User Name: Toni Zbinden | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1076387279-2608573375-2991349267-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Error - 12/25/2012 6:18:15 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =

Error - 12/25/2012 6:23:35 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error - 12/25/2012 6:24:53 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 12/25/2012 6:25:51 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =

Error - 12/25/2012 6:44:32 AM | Computer Name = Tonis-Netbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 12/25/2012 6:45:31 AM | Computer Name = Tonis-Netbook | Source = DCOM | ID = 10016
Description =

< End of report >

Many thanks in advance. Regards, Sbidi |
26.12.2012, 12:31 | #2 |
/// TB Trainer | vlc player changed browser start page to startfenster.com Hello,
Step 1 I see that you have a so-called registry cleaner on the system, in your case CCleaner. We do not recommend registry cleaners of any kind under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using a registry cleaner.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software mentioned above and do without this kind of software in future. At the end I will recommend another tool that you can use to remove your temporary files. Step 2 Please download AdwCleaner to your desktop.
Step 3 Please close your protection software to avoid possible conflicts. Please download Junkware Removal Tool to your desktop.
Step 4 Scan with Combofix
With your next reply, please post
|
28.12.2012, 22:14 | #3 |
| vlc player changed browser start page to startfenster.com Good day
I have carried out steps 1-4, and the three log files are attached. Many thanks. Kind regards, Sbidi |
30.12.2012, 13:02 | #6 |
/// TB Trainer | vlc player changed browser start page to startfenster.com Hello, Fix with OTL
Code:
:OTL
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:8530A643
:Commands
[emptytemp]
Are there still problems with a changed start page? If so, in which browser? |
02.01.2013, 17:58 | #7 |
/// TB Trainer | vlc player changed browser start page to startfenster.com No response. This topic has been removed from my subscriptions, so I will not receive any notification of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |