| |
| |||||||
Log-Analyse und Auswertung: Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
08.05.2013, 19:25
| #16 |
| /// Helfer-Team  |  Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Danke. wir wuenschen eine virenfreie Zeit  |
|
09.05.2013, 15:13
| #17 |
 | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Sorry, etwas Wichtiges ist mir noch aufgefallen! Also mein Computer geht ziemlich langsam, und ich habe ein Programm, das sich nicht löschen lässt: "Snap.do" (Wenn ich es deinstallieren will, kommt: "Preparing to remove...", dann: "Please wait while Windows configures Snap.do...", dann verschwindet die Meldung, als wäre es fertig, aber Snap.do ist noch immer da!). Ich bin mir ziemlich sicher, dass ich dieses Programm an dem Tag bekam, an dem der Trojaner auftrat! Bitte, wenn du mir hier noch helfen könntest, das wäre super. |
|
09.05.2013, 16:21
| #18 |
| /// Helfer-Team | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. ok:
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
dann: Systemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
|
09.05.2013, 18:11
| #19 |
| | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Danke. Übrigens braucht mein Rechner nicht nur gute fünf Minuten zum Hochfahren; ich kann ihn auch nicht mehr in den Ruhezustand schicken. Denn wenn ich es tue, fährt er sofort wieder hoch... Hier die Logs: AdwCleaner[S1].txt Code:
ATTFilter # AdwCleaner v2.300 - Datei am 09/05/2013 um 17:36:46 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Leon - DELL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Leon\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Leon\AppData\Local\Temp\Smartbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\Software\Conduit
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Chromium vnstall: 16724
Datei : C:\Users\Leon\AppData\Local\Chromium\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1116 octets] - [09/05/2013 17:36:46]
########## EOF - C:\AdwCleaner[S1].txt - [1176 octets] ##########
Code:
ATTFilter OTL logfile created on: 09.05.2013 19:17:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free 4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 203,24 Gb Total Space | 134,90 Gb Free Space | 66,37% Space Free | Partition Type: NTFS Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS Computer Name: DELL-PC | User Name: Leon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Leon\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll () MOD - C:\Windows\System32\atitmmxx.dll () ========== Services (SafeList) ========== SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (brmfrsmg) -- C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.) ========== Driver Services (SafeList) ========== DRV - (NTGUARD) -- C:\Program Files\A1 Internetschutz\bin\NTGUARD.SYS File not found DRV - (MpKslefcb334f) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D39BCF1-F8B8-43C9-8707-7D3F336DCC4B}\MpKslefcb334f.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation) DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (BDA_Capture_225) -- C:\Windows\System32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD) DRV - (BrUsbScn) -- C:\Windows\System32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (brfilt) -- C:\Windows\System32\drivers\BrFilt.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 87 9A 81 EE 4B CE 01 [binary data] IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 01:04:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 01:04:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.08 02:12:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Users\Leon\Desktop\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Users\Leon\Desktop\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.13 01:01:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.08 02:12:18 | 000,000,000 | ---D | M] [2012.01.24 05:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions [2011.03.23 14:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009.06.04 14:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org O1 HOSTS File: ([2011.12.18 02:52:29 | 000,001,766 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.derstandard.at O1 - Hosts: 127.0.0.1 derstandard.at O1 - Hosts: 127.0.0.1 www.diepresse.com O1 - Hosts: 127.0.0.1 diepresse.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {968631B6-4729-440D-9BF4-251F5593EC9A} - No CLSID value found. O3 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.05.09 16:30:43 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C4051C7-D34A-4085-905F-947728AF463F}: DhcpNameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D410E442-F380-4A2F-B7D9-77889AE698C3}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-854732791-1063999141-2137841064-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Leon\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\AutoRun\command - "" = K:\ O33 - MountPoints2\{01d1aa9b-af13-11dd-b701-001aa09eca84}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.09 19:15:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe [2013.05.09 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2013.05.09 16:30:43 | 000,000,000 | -H-D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.05.09 15:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.05.09 15:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.05.09 01:07:49 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Freecorder 8 Video [2013.05.08 15:10:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.08 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2013.05.08 14:54:22 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.05.08 14:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2013.05.08 14:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.05.08 13:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.08 13:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.05.08 03:05:51 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\OneNote-Notizbücher [2013.05.08 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.05.08 00:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\hsswpr_lock [2013.05.08 00:27:57 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.05.08 00:25:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.05.08 00:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.05.08 00:14:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2013.05.08 00:14:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2013.05.08 00:14:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2013.05.08 00:13:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Windows Live [2013.05.08 00:13:05 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2013.05.08 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013.05.07 22:38:26 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013.05.07 22:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdateInstaller [2013.05.07 22:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate [2013.05.07 22:21:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.05.07 22:21:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.05.07 22:21:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.07 22:21:21 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.05.07 22:21:21 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.05.07 22:21:21 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.05.07 22:21:21 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.05.07 22:21:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.05.07 22:21:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.07 22:21:21 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.05.07 22:21:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.07 22:21:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.07 22:21:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.05.07 22:21:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.07 22:21:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.07 22:21:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.07 22:21:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.05.07 22:21:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.07 22:21:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.07 22:21:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.07 22:21:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.07 22:21:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.07 22:21:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2013.05.07 22:21:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2013.05.07 22:21:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.05.07 22:21:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.05.07 22:21:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.07 22:21:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2013.05.07 22:21:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.05.07 22:21:20 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.05.07 22:21:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.05.07 22:21:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2013.05.07 22:21:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.05.07 22:21:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.05.07 22:21:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.05.07 22:21:19 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.05.07 22:21:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.05.07 13:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.05.07 13:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.05.07 13:21:53 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.05.07 13:21:53 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.05.05 21:57:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Malwarebytes [2013.05.05 21:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.05 21:55:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.05.05 21:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.05.05 21:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.03 23:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jaksta Technologies [2013.05.03 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension [2013.04.13 01:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.04.10 15:47:38 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 15:47:37 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 15:47:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 15:45:52 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.04.10 15:45:39 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [4 C:\Users\Leon\Desktop\*.tmp files -> C:\Users\Leon\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.09 19:15:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe [2013.05.09 19:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.09 18:53:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.09 18:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.09 17:55:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.09 17:52:15 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 17:52:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.09 17:51:56 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2013.05.09 17:50:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.09 17:34:33 | 000,628,743 | ---- | M] () -- C:\Users\Leon\Desktop\adwcleaner.exe [2013.05.09 01:13:01 | 000,210,944 | ---- | M] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.09 00:22:40 | 000,022,468 | ---- | M] () -- C:\Users\Leon\Desktop\Notizen.odt [2013.05.08 23:33:44 | 000,366,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.05.08 17:49:13 | 000,181,182 | ---- | M] () -- C:\Users\Leon\Desktop\Meine unerträglich schmerzhafte Kindheit.odt [2013.05.08 16:26:56 | 000,026,121 | ---- | M] () -- C:\Users\Leon\Desktop\Meine Schulzeit im Landstraßer Gymnasium.odt [2013.05.08 16:21:36 | 000,021,590 | ---- | M] () -- C:\Users\Leon\Desktop\Das musst du unbedingt schreiben.odt [2013.05.08 14:56:00 | 000,000,990 | ---- | M] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.08 14:54:24 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.08 00:43:39 | 000,654,256 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.08 00:43:39 | 000,618,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.08 00:43:39 | 000,129,026 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.08 00:43:39 | 000,106,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.08 00:13:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.05.07 22:21:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2013.05.07 22:21:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2013.05.07 22:21:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.05.07 22:21:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.05.07 22:21:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.05.07 22:21:21 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.05.07 22:21:21 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.05.07 22:21:21 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.05.07 22:21:21 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.05.07 22:21:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.05.07 22:21:21 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.05.07 22:21:21 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.05.07 22:21:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.05.07 22:21:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.05.07 22:21:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.05.07 22:21:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.05.07 22:21:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.05.07 22:21:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.05.07 22:21:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.05.07 22:21:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.05.07 22:21:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.05.07 22:21:20 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.05.07 22:21:20 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.05.07 22:21:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.05.07 22:21:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.05.07 22:21:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2013.05.07 22:21:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2013.05.07 22:21:20 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.05.07 22:21:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.05.07 22:21:20 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.05.07 22:21:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2013.05.07 22:21:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.05.07 22:21:20 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.05.07 22:21:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.05.07 22:21:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2013.05.07 22:21:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.05.07 22:21:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.05.07 22:21:19 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.05.07 22:21:19 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.05.07 22:21:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.05.05 21:55:14 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.02 17:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.05.02 14:21:30 | 005,113,454 | ---- | M] () -- C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3 [2013.04.24 19:51:36 | 005,420,880 | ---- | M] () -- C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3 [2013.04.22 01:11:59 | 000,004,673 | -HS- | M] () -- C:\Users\Leon\Desktop\Folder.jpg [2013.04.22 01:11:59 | 000,001,526 | -HS- | M] () -- C:\Users\Leon\Desktop\AlbumArtSmall.jpg [4 C:\Users\Leon\Desktop\*.tmp files -> C:\Users\Leon\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.09 17:34:30 | 000,628,743 | ---- | C] () -- C:\Users\Leon\Desktop\adwcleaner.exe [2013.05.08 17:49:11 | 000,181,182 | ---- | C] () -- C:\Users\Leon\Desktop\Meine unerträglich schmerzhafte Kindheit.odt [2013.05.08 16:26:54 | 000,026,121 | ---- | C] () -- C:\Users\Leon\Desktop\Meine Schulzeit im Landstraßer Gymnasium.odt [2013.05.08 16:26:20 | 000,022,468 | ---- | C] () -- C:\Users\Leon\Desktop\Notizen.odt [2013.05.08 16:21:23 | 000,021,590 | ---- | C] () -- C:\Users\Leon\Desktop\Das musst du unbedingt schreiben.odt [2013.05.08 14:56:00 | 000,000,990 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.05.08 14:54:24 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.05.08 01:06:55 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.05.08 00:25:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2013.05.08 00:24:28 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2013.05.08 00:23:08 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk [2013.05.08 00:21:29 | 000,001,987 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2013.05.08 00:13:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.05.08 00:12:32 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013.05.07 22:27:42 | 000,000,911 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.05.07 22:21:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.05.05 21:55:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.05 15:53:25 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys [2013.05.03 23:10:24 | 000,002,097 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013.05.03 22:59:23 | 005,113,454 | ---- | C] () -- C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3 [2013.05.03 22:59:20 | 005,420,880 | ---- | C] () -- C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3 [2012.12.07 10:48:58 | 000,212,600 | ---- | C] () -- C:\Windows\System32\SBuySupplies.exe [2012.08.05 16:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2012.06.12 14:52:56 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssi1mlm.dll [2012.05.23 16:57:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.05.23 16:56:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT [2011.12.24 03:45:22 | 000,001,386 | -HS- | C] () -- C:\Users\Leon\AppData\Roaming\systemFP.$dk [2010.12.16 02:34:34 | 000,010,109 | ---- | C] () -- C:\Users\Leon\AppData\Roaming\UserTile.png [2010.05.18 16:17:16 | 000,004,832 | -H-- | C] () -- C:\Users\Leon\mxfilerelatedcache.mxc2 [2009.04.18 14:40:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.26 22:06:59 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.08.30 15:20:39 | 000,000,680 | ---- | C] () -- C:\Users\Leon\AppData\Local\d3d9caps.dat [2008.04.14 20:39:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.11.30 17:22:38 | 000,210,944 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Verlauf:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\OneNote-Notizbücher:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\MAGIX_MusicMakerHipHopEdition2:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\MAGIX Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Graboid:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Freecorder:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\FFOutput:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Documents\Ableton:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\Sonstiges:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\Simple Plan- Summer Paradise ft. K'naan (Lyrics).mp3:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Leon\Desktop\James Arthur - Impossible - Official Single.mp3:Roxio EMC Stream @Alternate Data Stream - 16 bytes -> C:\Users\Leon\Downloads:Shareaza.GUID < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.05.2013 19:17:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Leon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,52% Memory free
4,24 Gb Paging File | 3,07 Gb Available in Paging File | 72,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 203,24 Gb Total Space | 134,90 Gb Free Space | 66,37% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 5,72 Gb Free Space | 57,20% Space Free | Partition Type: NTFS
Drive L: | 19,53 Gb Total Space | 19,43 Gb Free Space | 99,50% Space Free | Partition Type: NTFS
Drive X: | 232,83 Gb Total Space | 224,81 Gb Free Space | 96,56% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" =
"AntiVirusOverride" =
"FirewallDisableNotify" =
"FirewallOverride" =
"FirstRunDisabled" =
"UpdatesDisableNotify" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A1D2E3-0159-4CA5-8F01-633E85258024}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{0CCB58F7-8780-4ABC-8CA3-51BC6C9909D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0E34F2F7-A9D7-4496-B080-243C66B0A34C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{1143C70C-32C4-4686-990C-28265803D04D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1C77DB37-25DB-4433-A109-60A1FD73E4C7}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{1DB343EA-DAC9-4573-8465-5B201272F25A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{28CF3485-3472-4F0D-A163-B76830F78CEF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C57CB5F-A7C5-4598-8F82-FFD72DF5D6D3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32C95C2C-6867-46BA-BE3F-471393668ED8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{39290B55-2B22-454D-B7AE-B712F10E6752}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF8AF75-511A-4C78-8CFA-00CFE405B5C5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{51E3BED8-1548-46D7-A040-3657C0B67CC3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{531C4239-7E50-4BC6-9EEB-70172F089236}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{55517118-9DB8-476D-810C-ABF4AD5103C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5CEBC998-F776-48B0-B7D9-617BEB55E1D1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6AAF62EC-F018-435F-9CA1-7C1BE7D10F6C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{882F8D9F-0802-4F14-BFF1-F1284D6FA278}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8CA0A776-7FC8-497E-8BA2-BCEA9C5CDC19}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{8DCB0F69-5B96-45B7-AEBF-EFF5784427A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E465578-0C12-4610-BF95-219683C5FEB0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9774CF22-74EA-44D0-96F1-A6F955A219F8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{987700EE-5D8B-4ECB-A593-B596959024DB}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C55020D-2141-4362-B1CD-91623BE7AB5F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9D923621-986D-41FB-BA88-A20FC98DE40A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A99D296B-BCE1-4650-ADE7-11F2DBC07F41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9B3E516-811F-47EE-B1E7-0D9D2C23709B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE193786-6FA4-4EFB-ACB0-FAFDCA0F842E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BE27BFA6-6CBF-4BF7-B414-CB85BB5C6D07}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0140C34-EC8D-4566-AD6A-491E7711CBA4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0C25E83-4DC1-497B-AB14-CBE2FED124F0}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{CFE3C26C-52EC-44FF-AA18-476CAFFEC25C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D6EC9CF8-36CE-4F20-98F4-88065D2589D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE52FE5D-7637-4936-A409-CBA456F741B1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E69F85B7-22C1-4ACB-B8A7-413273958340}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8C5584B-6CA7-43B2-AA86-1B1221DAB5BC}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{EE5150DC-C5C6-406E-B99F-7FF07C7EF0AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0454519F-864A-4390-AF79-6FB5A6ADA143}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0508FBE2-83E5-403A-8D21-C8EF3808EA8A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{06681DF5-8B77-4160-B459-EE1EB7FCA0C9}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{07BC6564-701B-47F5-8184-DE0D653EB0BA}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{0E4BCCFE-8EFB-4308-8FFB-D5C5A1A0B024}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{124AE3A9-C596-4BED-835A-F6F69CB2478F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1808CB43-D1B8-4684-914A-CB68794AFCAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2483BF85-D44E-4370-8BDD-4F25EEC9EDFC}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{2B69AD29-035B-405F-A52F-402C7B6A2E2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31D6D603-4BF3-4903-91D2-254BAEA5E444}" = protocol=17 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe |
"{38D45935-B903-43A8-A213-F44FBBD10B38}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{3D77BBF7-3DC2-4728-BF5D-F306D784D418}" = protocol=6 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe |
"{4D262792-FE96-4CFA-A9C5-96A2DD6D2CFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E479BCC-DB2C-45B4-9F52-2EA89EB6DDC8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{4FD6B4DA-D391-466C-A517-C4B4794D3772}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{54F0BAAF-76F6-4C3E-B5AB-B627C7143825}" = protocol=6 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{5C7BE2D4-3EA9-48C0-9EB6-19E67ECB2B16}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5D08F6F8-EC54-4A8B-891E-B43D79F32F37}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{657DEB62-F8E2-4793-9B72-95E48E39532C}" = protocol=6 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe |
"{68E92467-51CF-4718-8B13-F45004D4B552}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6CE67265-A60C-4B53-99F1-2F046ED1A03B}" = protocol=6 | dir=out | app=system |
"{75114C5A-67C2-412C-897D-6153BF77C506}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{778CB886-5749-4AF9-8579-DDCD9D9DF3FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E520238-8498-4856-A7F5-32A55DFA12CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7F01B42C-DE38-4CAA-853A-3C74F19C3982}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{83B12CB6-1EB5-4BC3-BA96-00A8DC0D3742}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84E27C76-8CF4-4F85-8E03-5421FC375CAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8BFD8868-13FF-4217-8592-5821B167416E}" = protocol=17 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe |
"{8D4DA714-5D07-4ACA-86D5-60CC48374C86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98B99113-C1F5-4691-816D-78570EC7CCDA}" = protocol=17 | dir=in | app=c:\program files\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe |
"{9F1CE2EC-CC03-4BE5-9A5E-C253A8249521}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A826C3F6-3459-4EB9-8574-FCE6A3E3434E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B069D83A-DDB3-4AEC-8917-2D9B8AE7AE4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B2FF9C33-05C5-4C7C-9227-B82D6B3085A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B4FD5CAD-D4A1-4DB7-A40B-B4C92DF66136}" = protocol=6 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe |
"{B60A28E8-2F6D-4812-9225-29C650E18E8B}" = protocol=17 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe |
"{B8C8FA32-9C38-448B-BA24-BE64352ADF7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C4A52F1D-15E7-4DB7-AD71-F8F66AA9B209}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{C564684C-8D2E-4FBB-9D18-E063A607FE9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE1E58D3-A529-4FEF-A428-5D0BF50CA839}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9488C6B-69A0-4123-87A5-EF8740BF98E5}" = protocol=17 | dir=in | app=c:\users\leon\desktop\wlan-assistent_rtm.exe |
"{DCD5CD4A-EA64-45EB-9ABE-FDCEED5719D9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E2EE13C5-DCE5-4BF6-B64C-30B921110D25}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E825FDCA-6CF5-4EE8-8622-203B823F3536}" = protocol=17 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe |
"{EDF08E66-44F7-40AE-8C41-77EB903846DD}" = protocol=6 | dir=in | app=c:\users\leon\desktop\sonstiges\wlan-assistent_rtm.exe |
"{EFCBDB5F-8166-4A59-91B8-684DFC6833DC}" = protocol=6 | dir=in | app=c:\program files\applian technologies\freecorder 8 applications\torrent\aria2c.exe |
"{F11BF259-5F06-45D4-BF64-4076CE3631F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F25A542B-85B1-4816-82B7-D5E18AB9A014}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F86E9487-AFE3-446D-96DD-C71AACE91D2A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8DB1802-B1B4-4F50-AEFF-853FE4A9175A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{129DBC68-088A-4ED1-9800-99CC39AA0318}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{3ED03619-7B94-46D4-8F3D-B4C1623D9C04}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{47AC62DA-E5F1-4B29-942C-DE3823AA64D7}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{5420C13F-06E4-4A13-955F-CBBC225E5589}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5E19D479-52F0-4F5D-9D8C-DDDD8A659DE7}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=6 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"TCP Query User{84176260-E43A-4617-B9BA-59009EFB3C72}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe |
"TCP Query User{A6DDE160-E1E8-4ADA-8773-B79D84A5CFCE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{AF22FBB3-9F78-47B1-BAA1-45DE2B0FF71F}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe |
"TCP Query User{D5BD4524-5575-4ED8-9171-EC5946EE9DB8}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{DC5FEF27-AC9B-4730-8FC7-FEA479B8752B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{DCE76A23-9203-4A9F-9188-007BDB789700}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe |
"TCP Query User{DCEF8876-9521-4F1F-A86B-8E200E574048}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{E0F91657-94A0-48FB-B848-B9633FE0E3B6}C:\users\leon\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\leon\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E37F5762-13B7-4903-9126-31204A5F2F83}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe |
"UDP Query User{0B490985-432D-41AC-8666-F5771D4D43CE}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{109F2FF9-38D7-4714-A211-0D8082442A7A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{17266048-43FA-4F7C-815A-5A7E8665E90C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{180864EB-FE74-47F0-8D56-6FD1D713F1DA}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe |
"UDP Query User{1D74F922-9932-46A0-AF53-98D2877E9608}C:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 9\plugin-container.exe |
"UDP Query User{336D5DFD-38B8-4EC7-B8FE-8F68AB398048}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{362E9BF4-5AB4-47BD-8A48-D869A0E3A97C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{4F84D25C-5419-40ED-A15A-0733CD83C50E}C:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 10\plugin-container.exe |
"UDP Query User{4FF88C37-C752-4AB3-99D8-550E85749A7D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{5F74732E-2F9C-4691-AB88-4776EF9C9883}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{6E254C99-9D1A-469E-8866-3B443E940318}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{774B9551-9078-4350-8AAF-CECD4FC1B460}C:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 7\plugin-container.exe |
"UDP Query User{AA36A05C-9AB0-4D89-A9F8-0BFC4E19356C}C:\program files\sprite software\sprite backup\spriteservice.exe" = protocol=17 | dir=in | app=c:\program files\sprite software\sprite backup\spriteservice.exe |
"UDP Query User{BD5992C3-C80C-4146-A260-A28E362DDEB3}C:\users\leon\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\leon\appdata\local\google\chrome\application\chrome.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0339996A-1CC7-4FCD-8BE6-A32076E70272}" = Application Suite
"{045DB95B-F123-B440-D999-AD083AA55196}" = CCC Help German
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{10149D2B-5A65-9DF4-662A-B532FEEC222C}" = Catalyst Control Center Graphics Light
"{11CB6E0D-FFB2-7FAE-17FC-CA92BEE8F24A}" = Catalyst Control Center Localization Japanese
"{1400192B-D969-6FD4-8044-E2D07C5ADE3A}" = Catalyst Control Center Localization German
"{14BD87BE-02AA-8E04-602C-B20A43267F5B}" = CCC Help Japanese
"{1662D4E1-B469-D6A3-085B-0B5350BF7CA5}" = Catalyst Control Center Localization Italian
"{168879EE-A348-BFB7-3622-3651449C629F}" = CCC Help Italian
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1B2E11A4-8566-B8C7-3FB6-0D2A6F8D2139}" = CCC Help Portuguese
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EE437A9-75E3-10D1-3633-D4E8D6043503}" = CCC Help Spanish
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31DABA20-10A1-4746-9D9F-57955B8DFF66}" = Free Games Offer, Desktop Shortcut
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DFDA1A-2392-2DA1-92EB-54FB66DC24C4}" = Catalyst Control Center Graphics Previews Vista
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE8C77E-8703-B62E-8F7C-31F7AA97F2A7}" = Catalyst Control Center Localization French
"{4524E7FD-A547-C564-CD8F-A872F7C39029}" = CCC Help French
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D36E01C-EEC6-F7C2-CBB9-AF00329B8009}" = ATI Catalyst Install Manager
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E4FC36F-A7B5-EE38-2FE4-7D0D94D230F5}" = Catalyst Control Center Localization Portuguese
"{6EF2AFEF-2044-4A85-ED1F-E70A568D7ED9}" = Catalyst Control Center Localization Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75F8E142-7720-156D-C74C-80AA0974B993}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7727DA6C-A845-890D-2B48-7863A93F167C}" = Catalyst Control Center Localization Korean
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{848C0C17-7C57-709A-FDC4-F257D4469BAA}" = ccc-utility
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87CA11B3-C4CE-D989-42C7-C6197B266EFD}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9529A038-D507-3B3F-ED6F-B0AB773153FE}" = ccc-core-static
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{994FCE98-1379-2A33-24BC-F092466CC5C4}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1B504F-25BD-325C-0C2A-FEF791F59FE3}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A3B99A45-2811-FA47-3055-3D247C4E2897}" = Catalyst Control Center Graphics Previews Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7C7307-6324-D891-1E53-77B00E4F0961}" = CCC Help Turkish
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EECBB7-BDA4-4E52-2BD6-69D70215AC48}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C279E4B3-9FCD-9D82-7A83-B773C2D4E526}" = Catalyst Control Center Localization Hungarian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D192BE-5E2C-92CF-56A0-28C7D9D67B96}" = CCC Help Hungarian
"{C2F3DB53-EF8E-4885-36C4-34C4911FEAE0}" = ccc-core-static
"{C486C7E9-5591-8777-CEB5-FA373AFE6711}" = Catalyst Control Center Localization Spanish
"{C57606D6-7A44-4A99-D6D0-BA07FD3ACCEA}" = Catalyst Control Center Localization Chinese Traditional
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D973AE1D-ACB1-2C54-92FE-A29E2A7482C0}" = CCC Help Thai
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7E639B-0DAC-4587-A6BD-99B7D20E81B2}" = Snap.Do
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0EFA6E0-2A18-A83B-34EA-8435EFEE1285}" = CCC Help Korean
"{E24EDDF0-93A0-95CC-509A-1C012180F8CB}" = Skins
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E53C563F-1157-20B2-1276-755A22E814D2}" = Catalyst Control Center Localization Chinese Standard
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8DA1B1C-B987-9FD4-E4ED-DDA05DCE5E44}" = Catalyst Control Center Graphics Full Existing
"{EDEAA07C-654C-FB13-2F47-A4BDC41D77D0}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DDE283-47CF-30FC-F6C6-258FA404F784}" = Catalyst Control Center Graphics Full New
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F6B8797E-923E-4902-9698-62937FE80FAB}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"aonUpdate" = aonUpdate
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DivX Setup.divx.com" = DivX-Setup
"FormatFactory" = FormatFactory 2.70
"Freecorder 8 Applications" = Freecorder 8 Applications (8.0.0.87)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"Samsung ML-331x Series" = Samsung ML-331x Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.05.2013 07:52:05 | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RoxWatch9.exe, Version 9.0.1.64, Zeitstempel
0x454e37bb, fehlerhaftes Modul CPSCommonTools9.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000135, Fehleroffset 0x00009f5d, Prozess-ID 0x1254,
Anwendungsstartzeit 01ce4cab9e3eeb04.
Error - 09.05.2013 07:52:12 | Computer Name = DELL-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
Error - 09.05.2013 08:48:06 | Computer Name = DELL-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/05/09 14:48:06.380]: [00002688]: SendSKeySettingToDevice::
Snmp Load Error[0] To[10.0.0.74]
Error - 09.05.2013 09:48:34 | Computer Name = DELL-PC | Source = VSS | ID = 8194
Description =
Error - 09.05.2013 09:55:48 | Computer Name = DELL-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 09.05.2013 09:55:54 | Computer Name = DELL-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 12.0.6668.5000, Zeitstempel
0x5083137f, fehlerhaftes Modul ssi1mdu.dll, Version 6.4.34.0, Zeitstempel 0x508ffdce,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a988, Prozess-ID 0x1e4, Anwendungsstartzeit
01ce4cbce534a657.
Error - 09.05.2013 10:43:11 | Computer Name = DELL-PC | Source = EventSystem | ID = 4621
Description =
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5102
Error - 09.05.2013 12:52:35 | Computer Name = DELL-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5102
[ Media Center Events ]
Error - 07.01.2008 04:11:11 | Computer Name = DELL | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 10.06.2008 04:38:43 | Computer Name = DELL-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ OSession Events ]
Error - 07.05.2013 21:11:56 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:12:11 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:15:07 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:15:20 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:23:28 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 175
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:23:39 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 07.05.2013 21:24:58 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.05.2013 08:09:36 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.05.2013 08:10:10 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.05.2013 08:54:31 | Computer Name = DELL-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.05.2013 07:59:58 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 08:03:57 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 09.05.2013 08:21:24 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 09:02:23 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 09.05.2013 10:47:08 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 11:40:14 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 11:40:14 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 09.05.2013 11:53:43 | Computer Name = DELL-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Geändert von nometa (09.05.2013 um 18:30 Uhr) |
|
09.05.2013, 19:57
| #20 |
| /// Helfer-Team | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Ist snap.do noch da? Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
|
|
09.05.2013, 22:29
| #21 |
| | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Leon on 09.05.2013 at 22:45:18,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Leon\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Leon\appdata\local\discount buddy"
Successfully deleted: [Folder] "C:\Program Files\freecorder extension"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 22:46:30,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Leon on 09.05.2013 at 23:00:14,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 23:01:32,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vielen Dank dafür, der Rechner ist jetzt ungefähr wieder so schnell, wie er war. Das einzige Problem, das geblieben ist: Schicke ich ihn in den Energiespar-Modus oder in den Ruhestand, fährt er gleich wieder hoch. Weißt Du vielleicht, woran das liegen könnte? Geändert von nometa (09.05.2013 um 23:10 Uhr) |
|
10.05.2013, 19:08
| #22 |
| /// Helfer-Team | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Dazu habe ich keine Idee, aber frage bitte hier mal nach: http://www.trojaner-board.de/alles-rund-um-windows/ Da koennen mehr Leute antworten. |
|
11.05.2013, 15:03
| #23 |
| | Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. Mach' ich! See you! |
|
| Themen zu Windows Vista: Weißer Bildschirm nach Start (ohne Text)! - abgesicherter Modus geht. |
| 32 bit, bho, bildschirm, bonjour, broken.opencommand, computern, converter, desktop, firefox, flash player, hotspot, install.exe, limewire, malware.trace, object, plagegeister aller art und deren bekämpfung, plug-in, pup.smspay.pns, realtek, safer networking, sekunden, smartbar, software, svchost.exe, trojan.fakealert, trojaner, weißer bildschirm, win32/adware.ibryte.g, windows, windows vista, wma/trojandownloader.getcodec.gen |
Linear-Darstellung
