| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Rechner startet und läuft immer langsamer, Verdacht auf MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.06.2013, 10:13
| #16 |
 |  Rechner startet und läuft immer langsamer, Verdacht auf Malware Hallo Marius. Tut mir leid, ist mir aber bewusst da erst aufgefallen. Ich arbeite jetzt deine Anweisungen ab, habe aber auch gleich die erste Frage: Meine vorletzte Java-Version ist eine 64-bit-Version vom 23.5.2013 und heißt ebenfalls Java 7 Update 21. Nach der Installation der von dir vorgeschlagenen Version bekomme ich die Fehlermeldung "BrowserLaunchError: 3". Ist das korrekt mit der 32-bit-Version? Die noch älteren Installationen habe ich gelöscht... Hier ist noch das otl-log: Code:
ATTFilter OTL logfile created on: 11.06.2013 16:21:14 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kfz-Technik\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,60 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 59,83% Memory free 7,21 Gb Paging File | 5,29 Gb Available in Paging File | 73,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 254,14 Gb Total Space | 176,59 Gb Free Space | 69,48% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kfz-Technik\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare) PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Program Files (x86)\SRWare Iron\libegl.dll () MOD - C:\Program Files (x86)\SRWare Iron\libglesv2.dll () MOD - C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll () MOD - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (UI Assistant Service) -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe () SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (MBB Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo) DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (vm2uvcflt) -- C:\Windows\SysNative\drivers\vm2uvcflt.sys (Vimicro Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 47 92 56 8B 0C CC 01 [binary data] IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{258FDA73-B27F-4A2E-B576-89F92CFFCCE5}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{399172A6-48B7-479C-9204-94006F26119E}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{657839C4-5F89-4EF3-B0F5-2743D063373C}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\..\SearchScopes\{9AD7F70E-0BC6-4B2A-9D04-58A306FD1E79}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.02.28 21:21:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.03 16:39:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.11 13:59:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.01 10:39:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.17 19:44:21 | 000,000,000 | ---D | M] [2011.03.28 01:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Extensions [2013.06.03 16:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions [2011.04.03 08:11:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\Firefox\Profiles\461pnpnx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.06.03 16:03:58 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Kfz-Technik\AppData\Roaming\mozilla\firefox\profiles\461pnpnx.default\extensions\toolbar@web.de.xpi [2013.06.11 11:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.06.03 16:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.03 16:39:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.03 16:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.06.03 16:39:25 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de [2013.02.28 21:21:08 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT O1 HOSTS File: ([2013.05.23 15:57:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe () O4 - Startup: C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk = C:\Ross-Tech\VCDS-DRV\VCDS.exe (Ross-Tech, LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kfz-Technik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FE4A1E-8FE2-4707-A3BE-859D8732019A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.24 11:37:45 | 000,000,000 | ---D | M] - Y:\Autodata 3.24 alt -- [ NTFS ] O32 - AutoRun File - [2011.04.07 08:51:31 | 000,000,051 | ---- | M] () - Y:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 11:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.11 11:09:40 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.06.11 11:09:40 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.06.11 11:08:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.06.11 11:08:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.06.11 11:08:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.05 10:24:36 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Kfz-Technik\Desktop\esetsmartinstaller_enu.exe [2013.05.30 23:09:53 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Users\Kfz-Technik\Desktop\LSPFix.exe [2013.05.30 22:42:37 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.24 11:08:41 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\windows\IsUn0407.exe [2013.05.24 10:21:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe [2013.05.24 10:09:44 | 000,623,003 | ---- | C] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe [2013.05.24 09:52:49 | 000,000,000 | ---D | C] -- C:\windows\pss [2013.05.24 08:56:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.24 03:24:11 | 000,000,000 | ---D | C] -- C:\windows\CheckSur [2013.05.24 03:02:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.24 03:02:08 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.24 03:02:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.24 03:02:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.24 03:02:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.24 03:02:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.24 03:02:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.24 03:02:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.24 03:02:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.24 03:02:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.24 03:02:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.24 03:02:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.24 03:01:56 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.24 03:01:56 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.24 03:01:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.23 22:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash [2013.05.23 22:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyCash&Tax [2013.05.23 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.fakturama [2013.05.23 21:42:25 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\.swt [2013.05.23 21:38:23 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2013.05.23 21:38:23 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2013.05.23 21:38:23 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013.05.23 21:38:11 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013.05.23 21:38:11 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013.05.23 21:38:11 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013.05.23 21:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.05.23 21:22:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaws.exe [2013.05.23 21:22:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\javaw.exe [2013.05.23 21:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fakturama [2013.05.23 15:32:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.23 15:32:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.23 15:32:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.23 15:30:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.23 15:30:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.23 15:29:39 | 005,069,602 | R--- | C] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe [2013.05.23 10:49:03 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\Malwarebytes [2013.05.23 10:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.23 10:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.23 10:48:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.05.23 10:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.23 07:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.23 07:47:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.22 12:19:14 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.22 12:19:14 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.22 12:18:56 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.22 12:18:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.22 12:18:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.22 12:18:54 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.22 12:18:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.22 12:18:38 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mcupdate_AuthenticAMD.dll [2013.05.22 12:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.05.12 22:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS DRV [2013.05.12 21:33:11 | 000,000,000 | ---D | C] -- C:\Ross-Tech [2013.05.12 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\autoaid GmbH [2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2013.05.12 21:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.05.12 21:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013.05.12 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH [2012.05.23 12:00:00 | 000,930,304 | ---- | C] (Kevin Schneider) -- C:\Users\Kfz-Technik\MP3QualityModifier.exe ========== Files - Modified Within 30 Days ========== [2013.06.11 16:23:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.11 15:51:11 | 001,614,988 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.11 15:51:11 | 000,697,542 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.11 15:51:11 | 000,652,820 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.11 15:51:11 | 000,148,548 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.11 15:51:11 | 000,121,494 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.11 15:47:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.11 14:19:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.06.11 14:19:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.11 13:57:19 | 001,018,825 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.06.11 11:37:41 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 11:37:41 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 11:28:53 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys [2013.06.11 11:08:34 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.11 11:08:32 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.06.11 11:08:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.06.11 11:08:31 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.06.11 11:08:31 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2013.06.11 11:08:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.06.07 07:29:48 | 000,890,839 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\SecurityCheck.exe [2013.06.07 07:18:20 | 000,640,135 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe [2013.06.05 10:24:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Kfz-Technik\Desktop\esetsmartinstaller_enu.exe [2013.06.01 17:01:09 | 000,000,806 | ---- | M] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk [2013.05.30 23:09:54 | 000,186,880 | ---- | M] (CEXX.ORG) -- C:\Users\Kfz-Technik\Desktop\LSPFix.exe [2013.05.28 13:35:05 | 000,377,856 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe [2013.05.28 13:34:02 | 000,000,188 | ---- | M] () -- C:\Users\Kfz-Technik\defogger_reenable [2013.05.28 13:32:36 | 000,050,477 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe [2013.05.24 11:34:53 | 000,001,501 | ---- | M] () -- C:\windows\RbSystem.ini [2013.05.24 11:10:51 | 000,000,752 | ---- | M] () -- C:\windows\ESIDATA.ini [2013.05.24 11:09:10 | 000,004,017 | ---- | M] () -- C:\windows\System\v9Sys_xx.vxd [2013.05.24 10:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kfz-Technik\Desktop\OTL.exe [2013.05.24 10:09:45 | 000,623,003 | ---- | M] (No company) -- C:\Users\Kfz-Technik\Desktop\LanmanCheck.exe [2013.05.24 03:16:30 | 001,592,882 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [2013.05.23 22:44:07 | 000,001,027 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk [2013.05.23 21:37:51 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll [2013.05.23 21:37:50 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe [2013.05.23 21:37:50 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe [2013.05.23 21:37:49 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll [2013.05.23 21:37:49 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll [2013.05.23 21:37:49 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe [2013.05.23 21:31:03 | 000,000,981 | ---- | M] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk [2013.05.23 15:57:22 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013.05.23 15:29:53 | 005,069,602 | R--- | M] (Swearware) -- C:\Users\Kfz-Technik\Desktop\ComboFix.exe [2013.05.23 10:50:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.23 09:14:08 | 000,289,176 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.22 12:05:38 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk ========== Files Created - No Company Name ========== [2013.06.07 07:29:48 | 000,890,839 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\SecurityCheck.exe [2013.06.07 07:18:20 | 000,640,135 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\adwcleaner.exe [2013.06.01 17:01:09 | 000,000,806 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ross-Tech VCDS DRV Updater.lnk [2013.05.28 13:35:05 | 000,377,856 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\ohtmziq9.exe [2013.05.28 13:34:01 | 000,000,188 | ---- | C] () -- C:\Users\Kfz-Technik\defogger_reenable [2013.05.28 13:32:34 | 000,050,477 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Defogger.exe [2013.05.23 22:44:07 | 000,001,027 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\EasyCash&Tax.lnk [2013.05.23 21:15:14 | 000,000,981 | ---- | C] () -- C:\Users\Kfz-Technik\Desktop\Fakturama.lnk [2013.05.23 21:15:14 | 000,000,854 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fakturama.lnk [2013.05.23 15:32:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.23 15:32:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.23 15:32:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.23 15:32:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.23 15:32:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.23 10:48:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 03:44:57 | 000,002,300 | ---- | C] () -- C:\Users\Kfz-Technik\Neuer Kontenrahmen.eux [2012.04.07 22:42:41 | 000,001,501 | ---- | C] () -- C:\windows\RbSystem.ini [2012.04.07 22:39:21 | 000,012,800 | ---- | C] () -- C:\windows\SysWow64\PWUtility.dll [2012.04.07 22:39:21 | 000,007,168 | ---- | C] () -- C:\windows\SysWow64\dtctrace.dll [2012.04.07 22:39:20 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\xcd73532.dll [2012.04.07 22:39:10 | 000,487,424 | ---- | C] () -- C:\windows\esi_kl02.dat [2012.04.07 22:39:01 | 000,655,360 | ---- | C] () -- C:\windows\SysWow64\dslang32.dll [2012.04.07 22:39:01 | 000,327,680 | ---- | C] () -- C:\windows\SysWow64\ldf251.dll [2012.04.07 22:34:19 | 000,000,752 | ---- | C] () -- C:\windows\ESIDATA.ini [2012.02.29 22:42:47 | 000,007,607 | ---- | C] () -- C:\Users\Kfz-Technik\AppData\Local\Resmon.ResmonCfg [2011.12.13 22:01:30 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011.10.20 00:03:36 | 000,000,553 | ---- | C] () -- C:\Users\Kfz-Technik\LG_External_HDD (SPEEDPORT.IPAllLG_External_HDD) (Z) - Verknüpfung.lnk [2011.10.17 19:17:09 | 000,241,064 | ---- | C] () -- C:\windows\hpwins28.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.28 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2013 [2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software [2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.02.15 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2011.04.20 13:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\1&1 Mail & Media GmbH [2011.03.18 18:07:02 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\ArcSyncConfig [2011.12.08 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Auslogics [2013.05.12 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\autoaid GmbH [2013.04.04 02:00:53 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\AVG2013 [2012.04.07 10:52:55 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools [2012.04.07 22:24:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\DAEMON Tools Lite [2011.07.18 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\EPSON [2011.11.30 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Mp3tag [2011.12.07 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\MPP-Engineering [2011.04.01 23:05:04 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\OBD-DIAG [2011.12.07 00:00:28 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Obsidium [2011.08.01 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PC Suite [2013.02.28 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Architect [2011.03.22 18:23:25 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\PDF Software [2011.12.11 14:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\QuickScan [2013.05.28 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\SoftGrid Client [2011.12.13 22:03:12 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\Synaptics [2011.12.07 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TeamViewer [2011.03.21 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TP [2013.04.04 01:44:00 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\TuneUp Software [2011.04.25 00:58:17 | 000,000,000 | ---D | M] -- C:\Users\Kfz-Technik\AppData\Roaming\WEB.DE ========== Purity Check ========== < End of report > Markus Oh, natürlich, und die Extras.txt:# Code:
ATTFilter OTL Extras logfile created on: 11.06.2013 16:21:14 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kfz-Technik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,60 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 59,83% Memory free
7,21 Gb Paging File | 5,29 Gb Available in Paging File | 73,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 176,59 Gb Free Space | 69,48% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,96 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Computer Name: LENOVO | User Name: Kfz-Technik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files (x86)\SRWare Iron\iron.exe (SRWare)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A6B808-6FA5-4669-8F32-16AF93C8ECBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07CA57A9-8197-4FCE-95CB-A19DC73AD577}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{172418C1-B6EA-4947-8837-59B05AB1EFDB}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D66CAF8-1C82-4257-AD32-51BC303023C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{1E209C1F-29D6-45BE-BDC0-CE22C6AE0FDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E98EEFD-86EB-47C3-B258-BDCFB4F57292}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36E862DF-5406-4666-8C21-E636A5B2493B}" = rport=137 | protocol=17 | dir=out | app=system |
"{436DC802-FFA6-4B48-98C7-A727D1C794C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43A9D5C6-F585-432B-9536-B328FBBD55A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F8BAA63-0634-4E64-A247-2EC6F89942CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F8F85A0-44E1-49A8-8525-30890EB23D4B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{711DC43A-C1F3-421A-8840-DFDAD183B295}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C68D105-5673-4141-B541-A6A70FF139CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C95BCC0-8891-4D46-BE8B-3E0D1EE2C4D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7D6FA3DB-C4A2-4518-8E33-68005EBA034A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8088677F-08A0-45A8-9820-FF6E438EB39C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{81C625CF-3A77-4196-9889-15B35A96BE13}" = rport=139 | protocol=6 | dir=out | app=system |
"{891DB712-8AD2-4C2D-90F5-8DB4CFE27EC4}" = lport=138 | protocol=17 | dir=in | app=system |
"{8D11B2BD-399C-4106-963B-100C3A47640E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9FA9A3E7-B34C-46D7-8967-CD7ACB586344}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7F450E0-1043-41DA-9305-F1E484FB70FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{A9E82F06-D3CA-4594-B3B7-1F524F2B4BD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACF26393-AF82-4813-A128-85815A3FC16D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BFF144EF-5F22-4575-865E-40AD6681C2F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2E56CCC-BB88-4CFB-B52C-24352AFCEF23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C9254BEF-F735-4110-8AD3-754C866FFD93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD2DEC5D-E6AC-4717-B673-E318CBD95AFB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3E5A8EE-DA4E-4D07-82A6-6C321834D043}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D87379A9-D0C7-4C5B-83DA-B3E8C7A7F063}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBBC72FC-03D0-4810-AC22-CC3062E68420}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA8F3504-3B7D-4713-92F9-161F3119BA4E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDBD1EE1-AA78-4389-906F-38CF780E3765}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{EDCAEE87-018C-43B3-BB08-F048FBE8C5CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F106C9E2-F974-460A-ADD0-735B73B15F90}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038545DF-D789-49A8-B871-F2688AC6F09A}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{0394FA4C-E213-4751-86E2-07C76096FBE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{05B8476E-1412-4282-B299-1B5EA5DF204D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{06942360-B6E4-4041-A4D0-AB19460860B7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{0EED0E2F-29F6-4DAB-A3C4-2B5A079AE203}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{10DEB323-7D9C-4F29-98F5-7896346CF915}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{121B0BE2-85B7-4D2B-8A77-F23EB58DAF65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14B6A787-2D67-4071-8A22-FC011E73F1C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{197B5CF4-4B29-41C9-B1DC-E6B5BCEAF366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23DFE3D7-AE55-4AAC-BE33-C65A784D3D45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{243CB316-0DFE-4DF9-94EF-A2807FD8539D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28DE21F3-FCC6-4BC4-8CCA-8FBAE68D4A44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EEB99DA-E453-43DC-B51E-3A365F5C1A82}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{454EC166-5244-45E2-97FD-9AC85E1FEE99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{506B1212-546A-4FF2-A0F2-0A7F9F68F7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{53AB2680-4281-46C7-8FCD-5C5FBFDBFAB4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5431324A-6C2E-4B20-9A31-79772BB8B3AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{55F88BDA-9372-4A9C-A0C5-A096370B9240}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{5A1729A1-BE2C-4437-A67B-722DA3DB386D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{67480903-7BE0-4117-9F7F-9E6766B35452}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67528681-2E98-4DFF-9DDA-B1DAE5F5F5B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{68E3AC91-8746-489C-A409-F384FCFEEBA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{703B5459-74A5-4F08-808F-53930ADC3EBA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{778C1E19-9295-46C3-A2EA-3FC0634C6809}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{7E1A1CD3-A01B-4191-8E74-D73FB1A1961F}" = protocol=6 | dir=out | app=system |
"{8B19E1B0-14C1-46A0-BBC8-4F0706F62387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DA67C21-8E4E-4FF6-A797-85BE65A4AC1E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{934CD5F9-39DC-4883-B9F8-2DA54B34C69B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97C8CDFF-B300-4DF1-A267-1B58E7B32F28}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{99C423E8-86B3-4352-9CC9-A77742E0549D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7C7D1B8-4FE0-4DB4-A41D-8E89CDAAB06F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B02C276D-5BB6-40CA-B8F0-8FD928E75845}" = dir=in | app=f:\setup\hpznui40.exe |
"{C48D3DE6-CE25-496B-B6D4-A5BCD11385D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB212179-9705-489B-BA13-5234898721DD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CC526911-9424-4362-A865-4E5292B934D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CD890F0E-5BA6-40E9-B868-DE1EDD3F6F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D42FFF94-66B2-42C0-9BAF-1D6C8FF4102B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E4375C3E-D25E-4FE0-9084-1BEBCD7E5C21}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E49EA176-9EE5-4A92-93DC-A8C5450132F3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E8219B50-697B-4506-B6BE-9342C4BA7A3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{F5C89E5A-1C26-4783-92AB-98FEB5E55A05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F695AAD7-D5D1-4E72-9DA1-DDB78E76ECEA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8A03769-7933-4EEB-A796-FD1E2EBFA7CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FAC95CE0-C040-4C00-9D0E-7A8718E03134}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C897CB6-9393-C1DF-089D-7BB33C344362}" = AMD Fuel
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50F24798-E870-CEE2-64CA-56DD81A27BAC}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B31B6C8-383F-2362-5EB4-D950F666D8FD}" = ccc-utility64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2A4EF15-22EE-B863-717D-4237AA3C1536}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"42B17F23052FF114E91E57E2287CCEEDF216888D" = Windows-Treiberpaket - Auto-Intern USB-Treiber (03/30/2010 2.06.02)
"5EFB68C2F0CD0DB3442B0733C6FAB545A71A88FF" = Windows-Treiberpaket - Auto-Intern Virtueller COM-Port-Treiber (03/30/2010 2.06.02)
"6D3D1B84986E536339ED6F2B2A381D13597CD69C" = Windows-Treiberpaket - MPP USB CDC Virtual COM Port (09/16/2011 1.5.0)
"9FCA89337DAC5D4196D98BF2F17E831E1EE83336" = Windows-Treiberpaket - FTDI FTDI VCP (03/20/2011 2.08.14)
"AVG" = AVG 2013
"CNXT_AUDIO_HDA" = Conexant HD Audio
"D6BC3CBE8968CB6351105F9D2EEC52CE24F2C99D" = Windows-Treiberpaket - FTDI FTDI D2XX (03/21/2011 2.08.14)
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{070667D2-A6DC-C36C-10D0-4D25F0054B78}" = CCC Help Chinese Standard
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{09CB25FF-E950-0699-DA4D-5BDCD5A653EA}" = CCC Help Finnish
"{0ABC3BCC-4B49-11E1-84DC-8BB34724019B}" = autoaid VCI USB Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C374EBE-A045-4531-8F58-F240E078E0BE}" = VAG-COM 504 Deutsch
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{194E63E4-4AA0-F201-3C96-7EFEA0AEFE91}" = CCC Help French
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F3C1281-F291-573B-3913-774993D6F2C6}" = CCC Help Korean
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D2E2AD9-2DD9-FC5E-32A7-2961E5800C58}" = CCC Help English
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3F22702F-A236-4B6A-41BD-420700522583}_is1" = Was macht mein PC 1.xx
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C60AC6-FA09-4AE1-BD42-E5ED51A4BB19}" = MonoScan
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45D8D16D-13AC-826F-7494-166EB0CC021F}" = Catalyst Control Center Graphics Previews Common
"{47B5B5D0-2D0D-887B-E3A3-29744258A2F2}" = CCC Help Portuguese
"{47FAF76A-B225-FA71-F0AA-9ACD71A1A6EB}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C0636E0-C17F-FEE2-0704-944EC0315996}" = CCC Help Japanese
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{54DA5204-5F2B-BB6B-3A29-93DB85E71F02}" = CCC Help Czech
"{55CCAFAB-5213-49EB-A1B5-937E5F3F811B}" = Vehicle Explorer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5B64310E-6C76-10FB-EF2D-D63D7901FE27}" = CCC Help Spanish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6429EC24-5976-8B97-0C73-C7C6EEE717BE}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AA63B49-FF6B-D9EC-F578-36AAD863791F}" = CCC Help Hungarian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{82C9D4E8-A57A-95C2-8503-2021E9678096}" = CCC Help Thai
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86394597-E2A6-B8EE-9E01-5FF6FD919BFB}" = ccc-core-static
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9520BD31-226A-4D5D-B900-6C0CDBA75BF0}_is1" = Onlinesupport 5.0.8232 QS
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F705A4D-B625-1E7E-BD3B-5DB253F4A3AE}" = Catalyst Control Center Profiles Mobile
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE557889-A5F1-212B-BC66-2A67D5FB84D7}" = Catalyst Control Center Localization All
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF311022-8A9B-41F5-BE54-E361DF2C8AA6}" = Catalyst Control Center - Branding
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{BA75BE51-5E2E-4FA4-923C-63ACEAD63FB9}" = VAG-COM 311 Deutsch
"{BD36D776-83FB-454D-982A-BE248F6D668D}" = WEB.DE Toolbar MSVC90 CRT x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version 24.0.1350.0
"{C601C102-3CF4-B39C-4479-D03BDA605CDB}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6CABAAA-41C5-40F1-3DCC-A15E2DB8600E}" = CCC Help Dutch
"{C8670645-69C0-A438-CDD7-821A54D6C7B0}" = CCC Help Danish
"{CD5CDBC3-D83E-38BF-297B-CF3B54160C6E}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AA424E-0598-45D7-0D92-113ACC44EC50}" = CCC Help Chinese Traditional
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35E2F85-3E06-ADAD-7774-663DFD300D44}" = Catalyst Control Center InstallProxy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9F03F14-2EF3-7E0C-095F-A2056D748271}" = CCC Help Russian
"{EAE6BF35-84C4-F159-268E-9B63BDCDF545}" = CCC Help German
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9502EF3-3D89-7CDC-1BB8-9AC33789BCA5}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Car Diagnostic Center 2009 Free Edition_is1" = Car Diagnostic Center 2009 Free Edition
"CDex" = CDex - Open Source Digital Audio CD Extractor
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"EasyCash&Tax_is1" = EasyCash&Tax 1.59
"Fakturama" = Fakturama
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"moDiag_is1" = moDiag 2.8.515
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"Nokia Ovi Suite" = Nokia Ovi Suite
"OBD3 Tool Home_is1" = OBD3 Tool Home 4.2
"OBD3 Tool SemiPro_is1" = OBD3 Tool SemiPro 4.2
"OBD-DIAG_is1" = OBD-DIAG V1.01.02
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ST6UNST #1" = OBD Scan Tech OBD II Enhance - Version 1.35
"ST6UNST #2" = OBD Scan Tech OBD II Generic FULL Version 1.17
"ST6UNST #3" = Vol-FCR FTDI USB Demo Version 1.7.3
"ST6UNST #4" = Vol-FCR FTDI USB Demo Version 1.7.3 (C:\Program Files (x86)\Vol-FCR\)
"TachoPro BMW ®©_is1" = TachoPro BMW ®© DS2 1.6 SemiPro
"Uninstall_is1" = Uninstall 1.0.0.1
"VAG-Check" = VAG-Check (remove only)
"VCDS AIB" = VCDS AIB 11.11
"VCDS DRV" = VCDS DRV 11.11
"VCDS-Lite 1.1" = VCDS-Lite 1.1
"VeriFace" = VeriFace
"WABCO_EBS_402_is1" = Wabco EBS Präsentation 4.02
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2054405839-4148487748-1541910870-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WEB.DE SmartDrive Sync" = WEB.DE SmartDrive Sync
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.05.2013 14:45:22 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description =
Error - 12.05.2013 14:45:25 | Computer Name = lenovo | Source = MsiInstaller | ID = 11500
Description =
Error - 12.05.2013 15:14:04 | Computer Name = lenovo | Source = VSS | ID = 12305
Description =
Error - 13.05.2013 04:49:14 | Computer Name = lenovo | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error - 13.05.2013 04:57:41 | Computer Name = lenovo | Source = .NET Runtime | ID = 1023
Description =
Error - 13.05.2013 04:57:41 | Computer Name = lenovo | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: diagnosis.exe, Version: 1.13.13.16605,
Zeitstempel: 0x51549e19 Name des fehlerhaften Moduls: clr.dll, Version: 4.0.30319.296,
Zeitstempel: 0x50483916 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000198cd8
ID
des fehlerhaften Prozesses: 0xcd4 Startzeit der fehlerhaften Anwendung: 0x01ce4fb7d830f17a
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\autoaid GmbH\autoaid Internet
Diagnose+\diagnosis.exe Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Berichtskennung:
2afd1d01-bbab-11e2-b5d2-1c75086a4526
Error - 23.05.2013 04:51:21 | Computer Name = lenovo | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1060 Startzeit:
01ce57928ed0a18d Endzeit: 25 Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Berichts-ID: ed278789-c385-11e2-92f2-1c75086a4526
Error - 23.05.2013 15:42:02 | Computer Name = lenovo | Source = VSS | ID = 12305
Description =
Error - 24.05.2013 05:04:44 | Computer Name = lenovo | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Setup.exe_InstallShield (R), Version:
10.0.0.159, Zeitstempel: 0x4083592c Name des fehlerhaften Moduls: iuser.dll, Version:
10.0.0.159, Zeitstempel: 0x408357fe Ausnahmecode: 0xc0000005 Fehleroffset: 0x00010e45
ID
des fehlerhaften Prozesses: 0x1af4 Startzeit der fehlerhaften Anwendung: 0x01ce585db773c0e6
Pfad
der fehlerhaften Anwendung: C:\ATRIS_ST\KatCd\cpy\Setup.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
Berichtskennung:
f9257800-c450-11e2-aa3b-1c75086a4526
Error - 24.05.2013 08:00:05 | Computer Name = lenovo | Source = Application Hang | ID = 1002
Description = Programm EasyCT.exe, Version 1.59.0.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17a0 Startzeit:
01ce586fa704650e Endzeit: 247 Anwendungspfad: C:\Program Files (x86)\EasyCash&Tax\EasyCT.exe
Berichts-ID:
75570319-c469-11e2-b10b-1c75086a4526
[ Media Center Events ]
Error - 19.08.2011 06:31:44 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:44 - Fehler beim Herstellen der Internetverbindung. 12:31:44
- Serververbindung konnte nicht hergestellt werden..
Error - 19.08.2011 06:32:00 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:31:50 - Fehler beim Herstellen der Internetverbindung. 12:31:50
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 03:42:11 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:11 - Fehler beim Herstellen der Internetverbindung. 09:42:11
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 03:42:28 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 09:42:17 - Fehler beim Herstellen der Internetverbindung. 09:42:17
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 04:42:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:42:58 - Fehler beim Herstellen der Internetverbindung. 10:42:58
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 04:43:27 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 10:43:03 - Fehler beim Herstellen der Internetverbindung. 10:43:03
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 06:52:54 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:52:54 - Fehler beim Herstellen der Internetverbindung. 12:52:54
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2011 06:53:13 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 12:53:00 - Fehler beim Herstellen der Internetverbindung. 12:53:00
- Serververbindung konnte nicht hergestellt werden..
Error - 23.10.2012 16:40:58 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:40:58 - Fehler beim Herstellen der Internetverbindung. 22:40:58
- Serververbindung konnte nicht hergestellt werden..
Error - 23.10.2012 16:41:07 | Computer Name = lenovo | Source = MCUpdate | ID = 0
Description = 22:41:03 - Fehler beim Herstellen der Internetverbindung. 22:41:03
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.06.2013 10:34:41 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:34:55 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:36:43 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:36:55 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:36:57 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:36:57 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:38:58 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:39:04 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:39:44 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
Error - 11.06.2013 10:39:56 | Computer Name = lenovo | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%127
< End of report >
|
|
12.06.2013, 09:20
| #17 |
| /// Malwareteam    | Rechner startet und läuft immer langsamer, Verdacht auf Malware Besteht das Problem mit dem sich öffnenden Fenster noch?
__________________Was Java angeht: Downloade dir die aktuelle 64bit-Version und installiere diese - das sollte den Fehler beheben.
__________________ |
|
14.06.2013, 08:02
| #18 |
| | Rechner startet und läuft immer langsamer, Verdacht auf Malware Das Fenster trat immer nur sporadisch auf. Ich habe noch nicht herausbekommen, ob und mit welchem Programm es in Verbindung steht. Ich werde übers WE (vorher schaffe ich es leider nicht) noch mal die Programme starten, bei denen es zu letzt auftrat. Seit dem (als ich es dir gemeldet hatte) kam es nicht wieder vor...
__________________ |
|
14.06.2013, 08:39
| #19 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Dann sind wir durch! Defogger re-enable Starte bitte den Defogger und klicke den re-enable Button Systemwiederherstellungspunkte löschen
Code:
ATTFilter :Commands
[clearallrestorepoints]
adwCleaner
Hier noch ein paar Tipps zur Absicherung deines Systems. Aktualität Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
14.06.2013, 21:04
| #20 |
| | Rechner startet und läuft immer langsamer, Verdacht auf Malware Hallo Marius. Soweit ist alles gut. Das Fenster taucht nicht mehr auf, die Cleanware ist alle wieder runter. Aber mit Java habe ich noch ein Problem: Aus irgendwelchen Gründen taucht diese Fehlermeldung sowohl bei der 32- als auch bei der 64-bit Version auf. Bei mir läuft der IE10, aber neuerdings nur noch als 32-bit...? Anscheinend ist die selbe (32-Bit)Version sowohl im Ordner "Programme" und "Programme (X86)". Bei dem Versuch, die 64-bit-Version neu zu installieren, kommt eine Fehlermeldung, auf meinem Rechner wäre eine neuere Version des IE und die Installation wird abgebrochen. Anscheinend ist dort noch etwas im Argen...? Gruß Markus |
|
17.06.2013, 07:27
| #21 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Welche Java-Version soll für eine 64-Bit-Version des Windows-Betriebssystems heruntergeladen werden? Hier findest du die aktuelle 64bit-Version von Java. Versuche, diese zu installieren und berichte.
__________________ --> Rechner startet und läuft immer langsamer, Verdacht auf Malware |
|
17.06.2013, 22:02
| #22 |
| | Rechner startet und läuft immer langsamer, Verdacht auf Malware Hi Marius, es funktioniert weder die 32 noch die 64-Bit Version mit jeweils der selben Fehlermeldung. Hängt das vielleicht damit zusammen, dass ich grundsätzlich ein 64-bit-System laufen haben, IE z.B. aber nur noch als 32-Bit Version läuft und sich auch nicht als 64-bit-Version installieren lässt (s. o.) ? Irgendwas ist doch da durcheinander , oder? Gruß Markus |
|
18.06.2013, 09:30
| #23 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Wie lautet die genaue Fehlermeldung?
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
19.06.2013, 08:02
| #24 | ||
| | Rechner startet und läuft immer langsamer, Verdacht auf MalwareZitat:
Zitat:
Markus |
|
19.06.2013, 10:06
| #25 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware deinstalliere beide Java-Versionen, starte neu und installiere java 64bit. Berichte.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
23.06.2013, 20:25
| #26 |
| | Rechner startet und läuft immer langsamer, Verdacht auf Malware Hallo Marius, habe jetzt die ganze Zeit probiert, installiert, deinstalliert und gelesen. Erst mal Stand der Dinge: Diese Fehlermeldung taucht immer und bei allen Varianten auf. Java scheint aber in allen Browsern zu funktionieren. Installiert habe ich jetzt die 32-Bit-Version. IE 10 scheint es gar nicht mehr wirklich als reine 32- oder 64-Bit-Variante zu geben, auch wenn es dafür je einen Download-link bei MS gibt. Ich hatte den IE10 komplett deinstalliert und nur die 64er Variante von der MS-Seite installiert. Trotzdem habe ich jetzt wieder in beiden Ordnern (Programme und Programme(X86)) den IE10 drin. Nach dem Start des IE finde ich in den Prozessen jeweils einen Eintrag aus jedem der beiden Ordner. Bei meinen recherchen habe gelesen, dass der IE10 wohl grundsätzlich als Hybridversion läuft, im Normalfall aber immer im 32-Bit Modus gestartet wird. Zurück zu Java: Egal mit welchem meiner Browser ich die Seite aufrufe, dort wird immer die 32er Version vorgeschlagen. Ein Test von deren Seite bestätigt mir nun ebenfalls die Funktionalität des plug-ins in allen Browsern (habe zur Zeit Iron, IE und Firefox), daher denke ich, diese Fehlermeldung ist zu vernachlässigen. Ob dadurch nun noch irgendwelche "Hintertüren" offen sind, vermag ich nicht zu sagen. Über den Fehler selbst habe ich erstaunlicher Weise gar nichts gefunden. Gruß Markus Ich hatte gerade noch einmal Secure-Check laufen lassen: Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Verd... Ich hab in letzter Zeit auch noch Probleme mit meinem Provider, mein Internetzugang bricht ständig zusammen. Ist angeblich hier ein Großraumproblem... Ich wollte meine Antwort noch mal korrigieren: Java schreibt, wenn man sowohl 32- als auch 64-Bit-Browser benutzt, muss man auch beide JRE´s instaliieren. hab ich jetzt gemacht (immer noch mit der selben Fehlermeldung, scheint aber zu funktionieren). Adobe Reader hat wohl kein Update gefunden, weil der AR11 draußen ist, scheint der 10er aber net zu wissen. Hab ich nun auch aktualisiert. Security-Check sagt nun: Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` AVG AntiVirus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Aber für Java find ich nix neueres...? Gruß Markus Und was bedeutet "total fragmentation on drive c:" ? Defrag meldet "nur" 5 %... Ich lass Defrag über Nacht mal laufen... |
|
01.07.2013, 15:29
| #27 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Was kam bei der Defragmentierung denn raus? 
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.07.2013, 06:16
| #28 |
| | Rechner startet und läuft immer langsamer, Verdacht auf Malware Hallo Marius. Defrag lief einwandfrei durch. In den letzten Tagen hatte ich arbeitsbedingt das Laptop kaum in Betrieb und fast nur mit dem "statoinären" gearbeitet. Ich werde den Rest der Woche wieder ans Läppi gehen und dir zum WE genauer berichten... Bis denne Markus |
|
04.07.2013, 12:13
| #29 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Wenn es noch was gibt, schreib mir einfach ne pm. 
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.07.2013, 12:53
| #30 |
| /// Malwareteam | Rechner startet und läuft immer langsamer, Verdacht auf Malware Schön, dass wir helfen konnten!  Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und ein eigenes Thema erstellen!
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
| Themen zu Rechner startet und läuft immer langsamer, Verdacht auf Malware |
| 500gb, administrator, amd, anti-malware, autostart, check, code, dateien, dll, explorer, formatierung, hintergrund, infektion, logfiles, malware, malwarebytes, microsoft, problem, rechner, scan, speicher, startet, system32, trojaner, verdacht |
Textbox.
Linear-Darstellung
