gvu trojaner mit webcam Hallo,
ich hatte den gvu-Trojaner auf dem Desktop, mit der Bitte 100,- zu bezahlen, der Bildschirm wurde wieder frei nachdem ich den Task Manager geöffnet habe (Win 7). Jetzt habe ich malwarebytes anti malware runtergeladen gescannt, 2 Fehler gefunden. Bericht:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.14.06
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
KAI :: KAI-TOSH [Administrator]
14.02.2013 15:50:52
mbam-log-2013-02-14 (15-50-52).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 277407
Laufzeit: 5 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\KAI\7949650.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Was jetzt?
Vielen Dank.
noopys
OTL Logfile: Code:
OTL logfile created on: 14.02.2013 16:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KAI\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,73 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 56,98% Memory free
7,47 Gb Paging File | 5,19 Gb Available in Paging File | 69,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 35,74 Gb Free Space | 23,98% Space Free | Partition Type: NTFS
Drive D: | 31,47 Gb Total Space | 5,29 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 7,10 Gb Free Space | 6,06% Space Free | Partition Type: NTFS
Computer Name: KAI-TOSH | User Name: KAI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.14 16:26:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
PRC - [2013.02.13 07:55:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 07:54:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.13 07:54:36 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.19 19:15:30 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.11.16 12:05:24 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.01.07 11:11:38 | 000,584,232 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.11 20:44:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.06 11:54:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.04.17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 22:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.06.10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.06.10 22:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010.10.13 22:28:54 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010.10.13 22:28:54 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010.10.13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009.10.21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.28 13:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.02.13 07:55:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 07:54:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.11 20:19:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.01.07 11:11:38 | 000,584,232 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.04.23 17:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.04.12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.11 20:40:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 20:40:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 15:50:34 | 000,225,920 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.02.15 15:50:34 | 000,049,152 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.02.15 15:50:34 | 000,039,680 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.10.24 07:02:10 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010.10.13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.10.13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.30 09:19:30 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.08 11:47:00 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.04.07 09:51:00 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010.03.24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.19 15:39:00 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010.03.11 19:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.24 10:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.02.24 10:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.03 05:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.01.14 14:59:36 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.30 18:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 11:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 21:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{ACD37C95-B735-4D50-B655-B4B6DAC285B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {439AA27B-EC0B-4CD1-ADD1-B0B52A143FAA}
IE - HKLM\..\SearchScopes\{439AA27B-EC0B-4CD1-ADD1-B0B52A143FAA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKCU\..\SearchScopes\{69E844A5-8A90-4671-BE7F-CCC1FB3D9BB6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6C7ACCA6-2055-49E4-9E74-2C707521FF02}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{D3239E78-080D-4CE9-9CAB-DD108A3FE0B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8faf3813-b7bc-4893-8e80-b83c42cf94e3&apn_sauid=15B4F066-7C37-4850-AAC7-EFDC8C0CC107
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: d:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.12.11 20:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.02.09 00:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.12 13:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.12.11 20:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 16:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.28 20:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 16:13:59 | 000,000,000 | ---D | M]
[2010.12.04 22:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Extensions
[2010.12.04 22:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.04 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\3xn98ydo.default\extensions
[2010.12.04 19:48:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\3xn98ydo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.02.13 19:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions
[2012.11.05 11:59:57 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.09.14 15:18:46 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2012.12.22 13:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\staged
[2012.12.11 21:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\toolbar@ask.com
[2012.03.22 13:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\c8xn7sj6.default\extensions
[2012.12.22 13:55:13 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.04.21 20:24:40 | 000,018,684 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\ich@maltegoetz.de.xpi
[2012.09.14 15:18:49 | 000,275,902 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.04.20 14:00:10 | 000,588,526 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.11.19 20:57:37 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.11.17 21:29:20 | 000,199,400 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.08.07 17:30:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.06 16:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.04 20:48:14 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.23 11:43:04 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101206104624.dll (McAfee, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20101206104624.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65A4EE1-FB8A-4097-8DBA-4C66FFB8ED72}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40084e7b-500a-11e0-9323-002318285e92}\Shell - "" = AutoRun
O33 - MountPoints2\{40084e7b-500a-11e0-9323-002318285e92}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{7f29018d-0c69-11e0-89d3-002318285e92}\Shell - "" = AutoRun
O33 - MountPoints2\{7f29018d-0c69-11e0-89d3-002318285e92}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.14 16:29:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
[2013.02.14 15:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.14 15:48:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.14 15:48:14 | 000,000,000 | ---D | C] -- C:\Users\KAI\AppData\Local\Programs
[2013.02.10 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\KAI\AppData\Roaming\RealNetworks
[2013.02.07 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.14 16:26:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
[2013.02.14 16:22:56 | 000,000,000 | ---- | M] () -- C:\Users\KAI\defogger_reenable
[2013.02.14 15:48:47 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.14 15:47:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 15:22:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 15:22:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 15:22:52 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 15:22:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 15:22:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 15:02:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\0569497.pad
[2013.02.14 15:01:19 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.02.14 14:59:25 | 000,002,681 | ---- | M] () -- C:\ProgramData\0569497.js
[2013.02.14 14:59:25 | 000,000,153 | ---- | M] () -- C:\ProgramData\0569497.reg
[2013.02.14 14:59:25 | 000,000,058 | ---- | M] () -- C:\ProgramData\0569497.bat
[2013.02.14 14:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 11:37:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 14:07:50 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.02.13 08:09:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 08:09:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 13:48:32 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job
[2013.02.09 15:13:00 | 000,000,261 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.09 09:26:52 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 14:10:47 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.06 19:53:44 | 518,368,826 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.02 12:51:09 | 000,001,055 | ---- | M] () -- C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.02 12:50:51 | 000,001,019 | ---- | M] () -- C:\Users\KAI\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.14 16:22:56 | 000,000,000 | ---- | C] () -- C:\Users\KAI\defogger_reenable
[2013.02.14 15:48:47 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.02.14 14:59:25 | 000,002,681 | ---- | C] () -- C:\ProgramData\0569497.js
[2013.02.14 14:59:25 | 000,000,153 | ---- | C] () -- C:\ProgramData\0569497.reg
[2013.02.14 14:59:25 | 000,000,058 | ---- | C] () -- C:\ProgramData\0569497.bat
[2013.02.14 14:59:10 | 095,023,320 | ---- | C] () -- C:\ProgramData\0569497.pad
[2013.02.07 14:10:47 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.10 20:50:48 | 000,000,849 | ---- | C] () -- C:\Users\KAI\.recently-used.xbel
[2012.04.22 18:38:18 | 000,000,680 | RHS- | C] () -- C:\Users\KAI\ntuser.pol
[2012.04.19 11:26:15 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.10 21:11:27 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.06 13:27:03 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.07.17 20:41:07 | 000,000,000 | ---- | C] () -- C:\Users\KAI\AppData\Local\{C62D00F7-ACF0-42EC-B96C-8B1FF13EDFB5}
[2011.07.09 17:14:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.21 12:29:11 | 000,000,000 | ---- | C] () -- C:\Users\KAI\AppData\Local\{68403972-8D37-4D97-AA43-463A40307012}
[2011.05.06 14:13:59 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.05.06 14:13:59 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.05.06 14:13:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.05.06 14:13:51 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011.05.06 14:13:12 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2011.05.06 14:12:56 | 000,000,261 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.03.04 21:04:35 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.03.01 09:15:53 | 000,029,895 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.01.16 21:58:04 | 000,007,606 | ---- | C] () -- C:\Users\KAI\AppData\Local\Resmon.ResmonCfg
========== ZeroAccess Check ==========
[2013.02.06 18:38:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\L
[2013.02.06 18:38:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\N
[2012.05.18 18:54:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.02.20 12:27:17 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Amazon
[2012.02.25 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Auslogics
[2012.03.11 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\BOM
[2012.12.11 20:54:42 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\CheckPoint
[2013.02.09 09:29:06 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Dropbox
[2011.12.10 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\EAC
[2011.06.11 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.15 22:29:24 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\FreeAudioPack
[2011.06.11 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\gtk-2.0
[2012.06.15 12:34:02 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\HTC
[2012.06.15 12:35:35 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.26 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\OpenCandy
[2010.12.06 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\OpenOffice.org
[2012.02.08 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Outlook
[2011.03.11 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Sony
[2013.02.07 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Swiss Academic Software
[2012.04.19 12:33:22 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Systweak
[2012.05.31 18:22:54 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\TerraTec
[2010.12.04 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Thunderbird
[2011.10.16 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Toshiba
[2011.03.23 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report > --- --- ---
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 14.02.2013 16:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KAI\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,73 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 56,98% Memory free
7,47 Gb Paging File | 5,19 Gb Available in Paging File | 69,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 35,74 Gb Free Space | 23,98% Space Free | Partition Type: NTFS
Drive D: | 31,47 Gb Total Space | 5,29 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 7,10 Gb Free Space | 6,06% Space Free | Partition Type: NTFS
Computer Name: KAI-TOSH | User Name: KAI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8078B-F3C2-450F-AF8A-E8246A5F129D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{02A7497D-86E8-4884-B187-FB1506EFD5C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09AB8EED-9ACD-467D-B91D-ED9B039FF21B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{19ADF3ED-AC63-4AB9-8B73-5A6C6EA8C834}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C71A9B0-893C-40F3-A1C6-C6155FAF6E55}" = rport=445 | protocol=6 | dir=out | app=system |
"{38AF7B3B-2DAA-433E-908C-F3EE1B94CCF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E46A303-7A0E-4135-A502-5DDF5876179F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46068D07-0977-4FF5-B974-582AB83D64B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48CFE5EE-A310-4E78-ADA6-DAC1711452AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B75C43F-83BB-4409-BD76-0685409F38E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4ED9E026-BB0F-4B77-B967-A9F266398BC3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BAADA18-BA74-47A8-8B2A-082902368459}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BBF682F-EFD8-43E0-BF82-53F01F081F89}" = lport=139 | protocol=6 | dir=in | app=system |
"{76940E03-0945-48AE-9A38-2CBA56C7875B}" = rport=137 | protocol=17 | dir=out | app=system |
"{8513EB3E-D663-44EB-9987-47931568E341}" = lport=138 | protocol=17 | dir=in | app=system |
"{85367F18-83EE-4714-9D52-8E01CFB52D4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89CA4F58-FB88-4D38-8909-66CE024EA0E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{95D09792-9077-4864-9C16-6553761EB704}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AF47070-3478-4201-AFB7-D2826AF77BC6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B153D056-A166-45CB-8B0B-57536266AFDE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B194509C-3FCD-4E01-AD6A-F4F5D62D733B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BD31FCA3-0429-440E-B2FE-E4F1C0462D43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C99019C7-FC4A-466B-8CAA-3A658E5549A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D33C3EB7-E1EE-47D1-A21D-0678145753AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E01F89C4-28A9-4FD7-A57E-CB8953BE3DEF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFAE015E-60FA-4ED6-BBC5-70A6A4219F7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E8E9D1-5E41-4A2C-BA5C-D7023E3037F7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0D318AA4-D6AC-4315-BC11-AAF126D10D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AA84E62-55BE-4BB6-9801-BBE1B93A753B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{223E03DF-CB33-41EB-8DE6-D997BEEEA373}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{241B430A-489A-497C-89DB-D0DF8F184C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{26E64A2F-5866-4504-8FCB-713EBB708C16}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{2951DA13-2AF0-4776-8E06-32AAF041B0F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AFA9C34-020D-4079-8405-39D3734EE9F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF7B093-304D-4284-AAC1-BC147D56CA6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47CB504F-2082-4152-A83F-837707D51746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{484E19E8-BE97-4961-A38E-2E713CC863DA}" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{57C72442-580D-4674-B417-6CC5DEA36E23}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C953C60-E18C-4F4B-85FC-63EC58078676}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D5EB94E-24B9-4D55-8EB7-626EA9755B5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{64B62F93-DE03-4E58-AAD3-A2306526DECB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F1D61BA-729E-40E2-A000-CA3BE706E4A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A3CD51D-7466-485F-9AFC-EE387F06BCB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CFE69E5-C200-4E2D-B318-424621416DDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D1FF756-14F9-4858-B691-7F79396741FD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83F660DA-ACD8-4396-A1D5-F983E4066BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{8AC63982-AF2F-484A-8D65-BBCBDF90042A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E6CFBAD-FF1A-4C5B-B95A-160AA334B57A}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{9348A090-8685-47A6-9BDD-6696716EE848}" = protocol=6 | dir=out | app=system |
"{9A016D06-0994-4B73-827C-A930CD462C66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B701173-3FD8-4169-80B0-E0E8D0C3ABBA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A744EF47-C518-4E94-9F90-86F6357D3ECC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABFEF6D1-D66B-4253-966C-A039261558A3}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{AECFDFA9-19BE-4C87-9A7B-1E503CC3D6DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0847BE7-5EE9-4A65-959A-381B891BBA96}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{B2E5A2CF-46DD-4223-AB1C-1A546385A591}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{BDD363A6-0036-489F-9435-9A8B55629429}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF4D6A59-2ED1-4B5F-88D3-910ADBFCD1D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA7FFA00-762B-4657-AAD7-9E770E03D462}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAECDAC9-A912-494D-92CC-A7F829802FDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D84AF369-9FF2-44B6-A088-BA7ADB7E288F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA04F849-7C4A-4DAE-AE4B-02F1397CA0C0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E6DBAE09-5172-4AD8-9439-8C7200DF6FA3}" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0688C9E-6C53-48DF-8988-EEBA7E6BD5B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F1D5B6CC-2C6B-4C17-B68D-CD7830804619}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{F65F7079-490D-4B45-9BD3-8F36F42261DB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{0D85CD26-5D21-4991-AF45-4E0C027B8B68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{19380E73-94B2-4977-BFF8-A79281F7E131}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{927DD589-C128-4ED2-A56C-53FA0A6683AA}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{9F9AF593-DB46-43DF-A46D-FA7E43049FAE}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FDFC6073-66ED-421A-AD9C-873B19D4E339}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{05CCB461-2B5C-441B-BC3C-5B788B273CC0}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{429723BC-7AC1-4976-A2F1-3EB820FAACBC}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{5C174DAF-0FD3-4664-B0A4-7EDEA2967DAC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{9AFBF1C4-B9E1-4C5B-A8A2-316D098D0FE3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{AE1F213A-F234-4EF9-BADC-681B75DB11ED}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PROSet" = Intel(R) Network Connections Drivers
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.10.03.02
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security
"{27f7c177-9313-44b0-92e5-7479ddebf70c}" = Nero 9 Essentials
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.0.0
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B7191DD7-E7B4-4658-9025-487916EC21C8}" = TOSHIBA Mobile Broadband Device
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F927807D-5099-481E-B40E-8DDC59D781AC}" = Brother HL-2035
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cinergy T Stick RC" = Cinergy T Stick RC V10.0.0.0
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Exifer_is1" = Exifer
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PageshotsPro_is1" = PageshotsPro 1.0.0
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"RealPlayer 15.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Switch" = Switch Audiodatei-Konverter
"VLC media player" = VLC media player 1.1.11
"VLMC" = VideoLAN Movie Creator
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FoxTab PDF Converter" = FoxTab PDF Converter
"FoxTab PDF Creator" = FoxTab PDF Creator
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.02.2013 03:19:57 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
Error - 13.02.2013 03:19:57 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10670
Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10670
Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11669
Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11669
Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13041
Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13041
[ System Events ]
Error - 06.02.2013 14:54:14 | Computer Name = KAI-TOSH | Source = BugCheck | ID = 1001
Description =
Error - 08.02.2013 13:35:08 | Computer Name = KAI-TOSH | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 09.02.2013 04:29:58 | Computer Name = KAI-TOSH | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 10.02.2013 08:13:16 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003
Description =
Error - 11.02.2013 07:24:55 | Computer Name = KAI-TOSH | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 11.02.2013 07:40:03 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003
Description =
Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2778344)
Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2789644)
Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
Systeme (KB2799494)
Error - 14.02.2013 07:34:10 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003
Description =
< End of report > --- --- --- |