paterpapas | 12.04.2013 15:20 | Junkware Removal Tool Scan : Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 Pro x64
Ran by christian on 12.04.2013 at 15:06:31,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Failed to delete: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3240727
Failed to delete: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Failed to delete: [Registry Key] hkey_classes_root\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\christian\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\pricegong"
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2013 at 15:22:04,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner result: Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 16:26:17 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\christian\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3240727
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [813 octets] - [12/04/2013 16:26:17]
########## EOF - C:\AdwCleaner[S1].txt - [872 octets] ##########
OTL result: Code:
OTL logfile created on: 12.04.2013 16:36:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,62 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 83,19% Memory free
8,75 Gb Paging File | 7,47 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 94,30 Gb Free Space | 64,42% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 231,42 Gb Free Space | 72,48% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Users\christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symelam.sys (Symantec Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130411.032\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130411.032\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130411.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes\{5DC0A4BF-1C4C-4860-88BE-EA8BEE81807B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3240727&CUI=UN17145204502017115
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.03.29 10:04:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.10 15:18:21 | 000,000,000 | ---D | M]
[2013.03.10 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2013.03.10 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [SkyDrive] C:\Users\christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\RunOnce: [Uninstall C:\Users\christian\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\christian\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF3FD91-1B42-43AF-B4FF-23091C79B936}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.12 16:23:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.04.12 15:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.04.12 15:06:16 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.12 15:05:53 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.04.12 10:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.04.12 10:42:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ztvcabinet.dll
[2013.04.12 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Simply Super Software
[2013.04.12 10:02:29 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.04.12 10:00:26 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.04.12 10:00:15 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.04.12 10:00:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.04.12 10:00:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.04.12 10:00:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.04.12 10:00:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.04.12 10:00:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.04.12 10:00:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.04.12 10:00:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.04.12 10:00:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.04.11 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Diagnostics
[2013.04.11 16:27:30 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\CrashDumps
[2013.04.11 11:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.11 11:54:16 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\mbar-1.01.0.1022
[2013.04.11 11:52:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.04.11 09:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2013.04.10 15:22:40 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2013.04.10 15:22:40 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2013.04.10 15:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.04.10 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Simply Super Software
[2013.04.10 15:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.04.10 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.10 15:05:49 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\christian\Desktop\trjsetup682.exe
[2013.04.02 08:34:51 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.sys
[2013.04.02 08:34:51 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013.04.02 08:34:51 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.sys
[2013.04.02 08:34:51 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013.04.02 08:34:51 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ironx64.sys
[2013.04.02 08:34:51 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys
[2013.04.02 08:34:51 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013.04.02 08:34:51 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.sys
[2013.04.02 08:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024
[2013.04.01 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\DidgeridooMedita
[2013.03.29 10:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.03.29 10:06:18 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Symantec
[2013.03.29 10:04:46 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.29 10:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.03.29 10:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.03.29 10:03:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64
[2013.03.29 10:03:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security CBE
[2013.03.29 10:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security CBE
[2013.03.29 10:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.03.29 10:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.03.29 09:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.03.26 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Amazon MP3
[2013.03.26 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Amazon
[2013.03.26 11:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.03.26 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013.03.21 09:37:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2013.03.19 09:29:46 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2013.03.19 09:29:44 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
[2013.03.13 16:58:23 | 000,692,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.03.13 16:58:23 | 000,078,176 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
========== Files - Modified Within 30 Days ==========
[2013.04.12 16:37:10 | 000,000,624 | ---- | M] () -- C:\Users\christian\Desktop\Trojaner. MyDirtyHobby.de Spam Abrechnung Mydirtyhobby.de GmbH - Trojaner-Board.website
[2013.04.12 16:32:26 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.04.12 16:32:26 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.04.12 16:32:26 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.04.12 16:32:26 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.04.12 16:32:26 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.04.12 16:30:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.12 16:29:54 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.12 16:27:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.12 16:27:47 | 2252,799,999 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 16:23:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.04.12 16:21:15 | 000,613,083 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.04.12 15:05:54 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.04.12 10:44:28 | 002,203,135 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.04.12 10:42:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.04.11 16:35:17 | 000,421,792 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.11 11:52:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.04.11 11:48:24 | 012,894,739 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.01.0.1022.zip
[2013.04.11 09:44:37 | 000,000,000 | ---- | M] () -- C:\Users\christian\defogger_reenable
[2013.04.11 09:25:18 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.04.11 09:12:30 | 000,002,763 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Outlook 2010.lnk
[2013.04.11 09:12:30 | 000,002,671 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Excel 2010.lnk
[2013.04.11 09:12:30 | 000,002,665 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Word 2010.lnk
[2013.04.10 15:05:59 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Users\christian\Desktop\trjsetup682.exe
[2013.04.10 11:14:15 | 000,000,575 | ---- | M] () -- C:\Users\christian\Desktop\China Wholesale Electronics - Tablet pc Wholesale - Cell phone wholesale - Dropship From China - ahappydeal.com.website
[2013.04.09 15:41:12 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
[2013.04.09 15:40:14 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013.04.08 10:05:23 | 000,000,207 | ---- | M] () -- C:\Users\christian\Desktop\Youngcars24 UG (haftungsbeschränkt).url
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.01 08:42:26 | 008,534,090 | ---- | M] () -- C:\Users\christian\Desktop\1-07 Bilder im Kopf.m4a
[2013.03.29 10:04:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.29 10:04:45 | 000,007,466 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.29 10:04:45 | 000,000,855 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.22 18:41:30 | 000,000,535 | ---- | M] () -- C:\Users\christian\Desktop\TomTom Reparatur Service, Navi Reparatur Service Sachsen, Becker, Falk, Garmin, TomTom, Navigon, keine grauen Haare, graue Haar.website
========== Files Created - No Company Name ==========
[2013.04.12 16:21:15 | 000,613,083 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.04.12 10:42:28 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.04.12 10:42:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll
[2013.04.12 10:42:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\UNRAR3.dll
[2013.04.12 10:42:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll
[2013.04.11 16:35:04 | 000,421,792 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.11 11:48:21 | 012,894,739 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.01.0.1022.zip
[2013.04.11 10:09:22 | 000,000,624 | ---- | C] () -- C:\Users\christian\Desktop\Trojaner. MyDirtyHobby.de Spam Abrechnung Mydirtyhobby.de GmbH - Trojaner-Board.website
[2013.04.11 09:44:37 | 000,000,000 | ---- | C] () -- C:\Users\christian\defogger_reenable
[2013.04.11 09:25:18 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2013.04.11 09:25:18 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2013.04.10 15:06:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll
[2013.04.09 15:40:14 | 002,203,135 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.04.09 15:40:14 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013.04.08 10:05:18 | 000,000,207 | ---- | C] () -- C:\Users\christian\Desktop\Youngcars24 UG (haftungsbeschränkt).url
[2013.04.06 09:21:14 | 008,534,090 | ---- | C] () -- C:\Users\christian\Desktop\1-07 Bilder im Kopf.m4a
[2013.04.02 08:34:51 | 000,009,670 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam64.cat
[2013.04.02 08:34:51 | 000,007,611 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013.04.02 08:34:51 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013.04.02 08:34:51 | 000,007,593 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013.04.02 08:34:51 | 000,007,589 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013.04.02 08:34:51 | 000,007,587 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.cat
[2013.04.02 08:34:51 | 000,007,585 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013.04.02 08:34:51 | 000,007,581 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.cat
[2013.04.02 08:34:51 | 000,003,434 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa.inf
[2013.04.02 08:34:51 | 000,002,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds.inf
[2013.04.02 08:34:51 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet.inf
[2013.04.02 08:34:51 | 000,001,438 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013.04.02 08:34:51 | 000,001,420 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013.04.02 08:34:51 | 000,000,996 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.inf
[2013.04.02 08:34:51 | 000,000,853 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.inf
[2013.04.02 08:34:51 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.inf
[2013.04.02 08:34:30 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symvtcer.dat
[2013.04.02 08:34:30 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013.03.29 10:04:46 | 000,007,466 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.29 10:04:46 | 000,000,855 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.29 10:04:43 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk
[2013.03.22 18:41:14 | 000,000,535 | ---- | C] () -- C:\Users\christian\Desktop\TomTom Reparatur Service, Navi Reparatur Service Sachsen, Becker, Falk, Garmin, TomTom, Navigon, keine grauen Haare, graue Haar.website
[2013.03.18 14:14:17 | 000,000,575 | ---- | C] () -- C:\Users\christian\Desktop\China Wholesale Electronics - Tablet pc Wholesale - Cell phone wholesale - Dropship From China - ahappydeal.com.website
[2013.02.09 10:50:43 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.02.07 20:06:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
Code:
OTL Extras logfile created on: 12.04.2013 16:36:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,62 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 83,19% Memory free
8,75 Gb Paging File | 7,47 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 94,30 Gb Free Space | 64,42% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 231,42 Gb Free Space | 72,48% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052AFFEB-69F6-4F89-AD9F-E49A01F15B2A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12441445-0282-4A86-A2FC-F07205B7E578}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{178F28FA-182C-4DEF-858A-2DEC7C709CA8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19411098-8FBA-4796-A40E-38931E1A1D3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1E7E3276-04DA-42EF-B999-3B27294AEEE8}" = lport=139 | protocol=6 | dir=in | app=system |
"{23AFE9A1-45F5-423C-81D8-F55E5116C5FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{26FBA3B2-77AE-4E7F-B4F2-4E1BCAAF9899}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B4226C0-981B-4DC3-A13F-C0AFEA1AF6EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4622C1A0-EB9B-42E1-869C-CB7E4A2673A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A8EC2CA-11CD-414F-8CD8-3E9DFB18AD24}" = rport=139 | protocol=6 | dir=out | app=system |
"{71C19FE9-2684-4657-A9A8-947EA427A063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84D4CEA5-93EF-46A9-8FD7-DADE81E8479C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C29147E-81CA-41A9-B96D-3ECB06D44E89}" = lport=445 | protocol=6 | dir=in | app=system |
"{8D1287BD-A66D-4D2B-BC3C-4A2D9E1ED1DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8EB934F8-1E39-4064-B003-5F42DA5F4796}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A49B00B6-1C0F-475F-9869-83736FACE7EF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6D4C8B7-E524-4B05-8C9A-689481850E72}" = rport=445 | protocol=6 | dir=out | app=system |
"{C76695F6-947B-466A-B369-C0907AE7B6E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC71709F-A185-447B-B51F-974A779A676C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E4D98E74-1914-4551-8C80-ADC7457E00D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F1B7F296-71C2-420B-8C6D-7532F0930648}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1D36DB2-3361-4EB2-896C-D818F54AE85D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F65709E3-8392-4637-B43E-9DF1B3E6C61D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7075AD7-B43B-4FF1-95B8-425C4DD379EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09224A6C-DCCB-4CF1-AECF-6196F2453F9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{093664DF-7147-445F-B20B-69B47B5E0271}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{13EE0C73-1A37-4771-B780-4955846A7AEB}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{178B1F19-A2F3-4462-84CB-9520311E9380}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C1F5CB5-35DA-423B-A2ED-1515F61EB9C8}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1C823472-F260-4D5C-B942-76BC12289431}" = protocol=6 | dir=out | app=system |
"{1F4D494D-AF4C-4339-BDD2-6E72019E0070}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{20F2B2C1-B791-4C7F-BFF6-018EF68817D6}" = dir=in | app=c:\users\christian\appdata\local\microsoft\skydrive\skydrive.exe |
"{22467476-FBFB-4A33-951D-53E305E2BCA8}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{275C95F5-C310-403E-AF88-B24CB62E18DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F4F5257-BBA9-4EB2-9EF9-F492D4A60F98}" = dir=in | name=hp printer control |
"{34F09BB7-16AB-4397-B4A1-47FDACCAB8E5}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{38FDDD2B-26F3-453B-BD9F-3443CA604CCD}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3916CAC3-1585-4F9D-BA5A-E9BF0AA98CB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E7E87DC-D49D-4D3E-927A-789608840F8E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4F8B0571-A295-42E4-8A5C-A1D267D03419}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{55DB5882-3E39-42D1-A391-D491997839B1}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5F4BAAB3-D081-44BD-9C7D-210627BE8BCD}" = dir=out | name=tv movie |
"{602D674C-CA8E-4203-A274-FCD69895B16B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{666B9F57-4CA4-4F88-98A0-C82F9A70D70C}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6A16D818-ABFB-4A97-86D6-17D268151D10}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{6B75A029-1704-4C6C-8B17-B7F091CF3D90}" = dir=out | name=kicker |
"{6E957344-3B56-4A16-83FF-6116FA40A81D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73BB71B6-94A9-4BD3-A15A-8AF862626E44}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{7599921D-139F-4856-A061-B19383D64A40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{771D2365-8C56-4094-BB9F-06A9C2D7FA08}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{7F606725-605F-4A90-82FC-08F68CBF3B19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81941C1E-D726-464D-B026-0238D1E4FEB3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{827D0665-9A85-458A-9F84-E1B56EED03D2}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{8735E5F9-60F2-4C44-951F-AE6513BD7758}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BF823E5-3B24-4AC9-97BF-E202378495E7}" = dir=out | name=hp printer control |
"{8CEBE975-CC4B-4C9A-B852-43986A2DBE22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90E8179F-2505-4501-80B4-F77412240224}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{91BC75DC-87F5-4885-916F-586798265A4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{92A004BB-61B2-4CCD-ACE7-CE559984DD26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98AB24FE-3C91-4805-8434-4C87CCC78359}" = dir=out | name=pinball fx2 |
"{A228BED2-11A9-4B79-A0E2-A1FCAC196657}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6727DCB-1CA5-48C9-B88E-0E111232D5D5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACA551E3-06FF-4794-948A-31F3D2520EB8}" = dir=in | name=pinball fx2 |
"{BA58C242-1E44-4236-B23B-BBDF731A9D08}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BC692AF3-8336-4239-A622-3F804D6BDAD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD804870-E5EB-4251-8B0F-F22F2B54A81C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1851F36-B254-4131-9923-62E9B8597F1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEB1E28D-AC3B-410C-AE6D-7092B100F8C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEE4F5E2-71EE-4C72-8C66-E337D897AD11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2197747-7505-4336-99CF-F491CD8A424C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6874B98-2AF2-420D-9F3D-0CC8CC0F503E}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D704C5FB-F42C-47D5-A4ED-27FC93ED5860}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E0AD3F8A-8263-4949-B283-ECDE4AE640AA}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E4AF300F-C459-46C3-A5ED-ABD770DF7020}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ED64B491-6CBF-4DA4-A343-57EC7A5245C8}" = dir=out | name=bild tablet |
"{EFE1555B-DAD6-477D-8D44-A97A2113DECD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F015CF47-967C-4106-9647-5D3804159439}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3411C6A-E104-4D47-AFF1-12125586A327}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F3C9790D-D530-4FA6-A2EB-389D8C3E21FB}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{F59BB980-7B83-4F4F-B479-2358718F97D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F6613A01-436D-4ABD-A0AF-288567415B5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{E5793A4B-8D89-4347-A07A-72FEBFFEB398}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B7C1DE25-E31C-48A1-AD1C-F08455FC1526}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2012-05 for Microsoft Office 2010
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Free Audio Converter_is1" = Free Audio Converter version 5.0.22.128
"KigoVideoConverter_is1" = KigoVideoConverter 1.1.0
"NIS" = Norton Internet Security CBE
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Trojan Remover_is1" = Trojan Remover 6.8.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3222981501-673947319-3682308242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2013 11:40:26 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0x01ce36caada0db72 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 20da441d-a2be-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:54:24 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0x01ce3752c5ec277d Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 30a19beb-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:55:55 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xa64 Startzeit der fehlerhaften Anwendung: 0x01ce3752fb2a57ae Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 66d303ca-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:58:40 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x16c8 Startzeit der fehlerhaften Anwendung: 0x01ce375353dc6b39 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: c93a6158-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:01:03 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01ce3753ad2668a3 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 1e8bc140-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:02:39 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0x01ce3753eafc62c0 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5806bf8c-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:04:27 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xc74 Startzeit der fehlerhaften Anwendung: 0x01ce37542c50dac7 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 97fbcd8a-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:09:56 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x1794 Startzeit der fehlerhaften Anwendung: 0x01ce3754eb5451ba Pfad der
fehlerhaften Anwendung: C:\Users\christian\Downloads\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5c3cc4ed-a348-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:16:10 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xe4c Startzeit der fehlerhaften Anwendung: 0x01ce3755c9b7c4e2 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 3ae267a1-a349-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 10:30:07 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LiveComm.exe, Version: 16.4.4406.1205,
Zeitstempel: 0x50bfdb8c Name des fehlerhaften Moduls: Windows.Networking.dll, Version:
6.2.9200.16496, Zeitstempel: 0x50eccd72 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028df8
ID
des fehlerhaften Prozesses: 0x994 Startzeit der fehlerhaften Anwendung: 0x01ce3789fb92115d
Pfad
der fehlerhaften Anwendung: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\Windows.Networking.dll Berichtskennung:
78bbf11a-a37d-11e2-be90-bc5ff47a39d1 Vollständiger Name des fehlerhaften Pakets:
microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
[ System Events ]
Error - 29.03.2013 06:06:44 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 29.03.2013 07:11:18 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 02.04.2013 05:07:21 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 02.04.2013 06:04:51 | Computer Name = Christian-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
"H:" können nicht gelesen werden.
Error - 03.04.2013 08:10:21 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 09.04.2013 09:40:52 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?04.?2013 um 15:07:53 unerwartet heruntergefahren.
Error - 11.04.2013 04:32:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:36:09 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:38:55 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:45:59 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
< End of report >