rudi9999 | 04.07.2013 17:48 | OTL Logfile:
OTL logfile created on: 04.07.2013 18:05:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,26% Memory free
6,49 Gb Paging File | 5,37 Gb Available in Paging File | 82,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 381,52 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive F: | 970,99 Mb Total Space | 970,40 Mb Free Space | 99,94% Space Free | Partition Type: FAT32
Computer Name: HOLGER-PC | User Name: Holger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.04 18:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe
PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.09 08:21:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.31 14:01:00 | 003,551,296 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2012.07.27 22:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.27 14:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.05 15:56:39 | 000,037,440 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2012.05.08 19:25:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:25:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:25:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.27 00:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [1999.09.30 21:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Programme\PrintKey2000\Printkey2000.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.31 13:36:20 | 002,909,184 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2012.07.30 10:27:59 | 000,116,800 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_38_Win32.dll
MOD - [2012.07.27 22:51:54 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.07.05 15:56:39 | 000,037,440 | ---- | M] () -- C:\Programme\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2012.07.05 15:56:24 | 000,052,800 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_05.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.27 14:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.08 19:25:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:25:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.01.27 00:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013.07.03 22:14:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:25:14 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:25:14 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.28 20:56:58 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.02.28 20:56:43 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.01.27 01:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.27 00:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 9C 12 8B F9 E7 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=DE&userid=18de14e0-3ad0-4800-b96f-92ec9372c9db&searchtype=ds&q={searchTerms}&installDate=28/06/2013
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: {18de14e0-3ad0-4800-b96f-92ec9372c9db}:1.0
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.6.20120119024823
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.7.0.3
FF - prefs.js..extensions.enabledAddons: web2pdfextension@web2pdf.adobedotcom:1.2
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@delorme.com/SendToGPS: C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll (DeLorme)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.11.04 11:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.12 06:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\LrcsTb@hansenapps.com: C:\Program Files\LyricsTube\FF\ [2013.06.04 20:13:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files\LyricsContainer\116.xpi [2013.06.28 18:08:36 | 000,005,593 | ---- | M] ()
[2012.04.12 07:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Extensions
[2013.07.03 16:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions
[2013.06.28 18:08:47 | 000,000,000 | ---D | M] (Wajam) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
[2013.03.11 14:05:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.06.28 18:08:27 | 000,000,000 | ---D | M] (LyricsContainer) -- C:\Users\Holger\AppData\Roaming\mozilla\Firefox\Profiles\g82eolbz.default\extensions\116
[2012.04.12 06:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.12 06:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.04.12 06:58:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - Extension: LyricsContainer = C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.116_0\
CHR - Extension: LyricsTube = C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.114_0\
O1 HOSTS File: ([2012.02.27 17:53:50 | 000,001,086 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 feedproxy.google.com
O1 - Hosts: 127.0.0.1 plusone.google.com
O1 - Hosts: 127.0.0.1 www.addthis.com
O1 - Hosts: 127.0.0.1 vendor1.fitschigogerl.com
O1 - Hosts: 127.0.0.1 www.d03x2011.com
O1 - Hosts: 127.0.0.1 deliver.carrier.bz
O1 - Hosts: 127.0.0.1 popads.ero-advertising.com
O1 - Hosts: 127.0.0.1 is.gd
O1 - Hosts: 127.0.0.1 eads.to
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (FastestTube) - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Programme\FastestTube\2.1.9\WombatBHO.dll (Kwizzu)
O2 - BHO: (LyricsContainer) - {463B0ED4-8AFA-404B-90E7-4063A0708050} - C:\Programme\LyricsContainer\116.dll (RYD Software)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Programme\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Programme\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDBB58CA-1CC8-4375-A4F0-1B9D75533237}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - State: "bootini" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.07.04 18:03:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe
[2013.07.04 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\Neuer Ordner
[2013.07.04 16:20:45 | 000,000,000 | ---D | C] -- C:\FRST
[2013.07.04 16:19:42 | 001,373,373 | ---- | C] (Farbar) -- C:\Users\Holger\Desktop\FRST.exe
[2013.07.03 22:14:19 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.07.03 17:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.07.03 17:07:06 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe
[2013.07.03 16:42:35 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Holger\Desktop\TFC.exe
[2013.07.03 16:37:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.03 16:37:25 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.03 16:35:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Holger\Desktop\JRT494.exe
[2013.07.02 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Malwarebytes
[2013.07.02 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.02 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.02 17:10:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.02 17:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.07.02 17:10:09 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Programs
[2013.07.01 18:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.01 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.30 08:58:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Skins
[2013.06.29 17:32:49 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\vlc
[2013.06.29 15:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.29 15:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.06.29 15:32:55 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Google
[2013.06.28 18:16:19 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\anim
[2013.06.28 18:16:13 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\COPY TO 'lang' FOLDER IN 'minecraft.jar'
[2013.06.28 18:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsContainer
[2013.06.28 18:08:33 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Local\Downloaded Installations
[2013.06.27 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\world
[2013.06.21 16:32:07 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\title
[2013.06.21 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\mob
[2013.06.21 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\misc
[2013.06.21 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\gui
[2013.06.21 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\font
[2013.06.21 14:43:43 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\environment
[2013.06.21 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\ctm
[2013.06.21 14:43:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\art
[2013.06.21 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\armor
[2013.06.21 14:43:38 | 000,000,000 | ---D | C] -- C:\Users\Holger\Desktop\achievement
[2013.06.21 14:43:12 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\WinRAR
[2013.06.20 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Avira
[2013.06.20 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\.minecraft
[2013.06.20 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Macromedia
[2013.06.20 16:53:39 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\ATI
[2013.06.20 16:53:28 | 000,000,000 | ---D | C] -- C:\Users\Holger\AppData\Roaming\Adobe
[2013.06.20 16:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.06.20 16:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
========== Files - Modified Within 30 Days ==========
[2013.07.04 18:03:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\OTL.exe
[2013.07.04 18:01:15 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.07.04 18:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.04 17:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 17:40:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\Updater.job
[2013.07.04 17:27:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.04 16:53:08 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 16:53:08 | 000,018,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 16:45:31 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 16:45:19 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.04 16:19:45 | 001,373,373 | ---- | M] (Farbar) -- C:\Users\Holger\Desktop\FRST.exe
[2013.07.03 22:14:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.07.03 18:58:21 | 001,287,240 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.03 18:58:21 | 000,837,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.03 18:58:21 | 000,333,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.03 18:58:21 | 000,286,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.03 17:07:06 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Holger\Desktop\esetsmartinstaller_enu.exe
[2013.07.03 17:03:02 | 000,139,264 | ---- | M] () -- C:\Users\Holger\Desktop\SystemLook.exe
[2013.07.03 16:59:39 | 000,165,376 | ---- | M] () -- C:\Users\Holger\Desktop\SystemLook_x64.exe
[2013.07.03 16:42:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Holger\Desktop\TFC.exe
[2013.07.03 16:35:48 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Holger\Desktop\JRT494.exe
[2013.07.03 16:27:42 | 000,648,201 | ---- | M] () -- C:\Users\Holger\Desktop\adwcleaner2303.exe
[2013.07.02 17:10:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.07.01 17:31:48 | 000,429,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.30 15:45:19 | 001,492,528 | ---- | M] () -- C:\Users\Holger\Desktop\Foto Holger1.jpg
[2013.06.30 15:45:19 | 001,492,528 | ---- | M] () -- C:\Users\Holger\Desktop\Foto Holger.jpg
[2013.06.29 15:37:37 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.28 18:17:17 | 011,906,468 | ---- | M] () -- C:\Users\Holger\Documents\Minecraft t.zip
[2013.06.20 17:51:56 | 000,263,186 | ---- | M] () -- C:\Users\Holger\Desktop\Minecraft.exe
[2013.06.20 16:04:50 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk
========== Files Created - No Company Name ==========
[2013.07.03 17:03:01 | 000,139,264 | ---- | C] () -- C:\Users\Holger\Desktop\SystemLook.exe
[2013.07.03 16:59:39 | 000,165,376 | ---- | C] () -- C:\Users\Holger\Desktop\SystemLook_x64.exe
[2013.07.03 16:27:42 | 000,648,201 | ---- | C] () -- C:\Users\Holger\Desktop\adwcleaner2303.exe
[2013.07.02 17:10:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.30 15:45:29 | 001,492,528 | ---- | C] () -- C:\Users\Holger\Desktop\Foto Holger1.jpg
[2013.06.30 15:42:24 | 001,492,528 | ---- | C] () -- C:\Users\Holger\Desktop\Foto Holger.jpg
[2013.06.29 15:37:37 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.29 15:35:24 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.29 15:35:22 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.28 18:15:18 | 011,906,468 | ---- | C] () -- C:\Users\Holger\Documents\Minecraft t.zip
[2013.06.28 18:08:25 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job
[2013.06.21 14:43:57 | 000,055,364 | ---- | C] () -- C:\Users\Holger\Desktop\pack.png
[2013.06.20 17:53:03 | 000,263,186 | ---- | C] () -- C:\Users\Holger\Desktop\Minecraft.exe
[2013.06.20 16:04:50 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\MINECRAFTinstall.net.lnk
[2012.02.28 20:56:58 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.02.28 20:56:43 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.02.16 18:50:18 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.02.10 15:32:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.06.30 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\Holger\AppData\Roaming\.minecraft
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2013.07.01 22:19:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.25 11:48:59 | 000,000,000 | ---D | M] -- C:\5e9fbc9e8faa7bc0e58997b3ec1b15
[2013.05.13 05:33:51 | 000,000,000 | ---D | M] -- C:\a30bb379609d6a563da9dd01
[2012.02.16 18:24:32 | 000,000,000 | ---D | M] -- C:\AMD
[2012.02.25 12:13:24 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.07.02 17:33:58 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2013.04.02 15:50:39 | 000,000,000 | ---D | M] -- C:\CoView
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.07.04 16:20:45 | 000,000,000 | ---D | M] -- C:\FRST
[2012.04.20 11:23:21 | 000,000,000 | ---D | M] -- C:\Garmin
[2013.07.03 16:37:26 | 000,000,000 | ---D | M] -- C:\JRT
[2012.04.20 11:44:48 | 000,000,000 | ---D | M] -- C:\MapSource6.16.2
[2013.03.21 17:08:27 | 000,000,000 | ---D | M] -- C:\ModMii2012
[2013.03.21 17:52:39 | 000,000,000 | ---D | M] -- C:\ModMii2013
[2012.03.07 20:00:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.10.15 19:47:53 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2012.10.15 19:47:56 | 000,000,000 | ---D | M] -- C:\Neuer Ordner (2)
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.03 17:07:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.03 16:30:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.10 15:37:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.07.04 18:09:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.10 15:38:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.04 16:20:52 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.02.29 11:40:47 | 000,000,298 | ---- | C] () -- C:\Windows\Tasks\Updater.job
[2012.04.26 06:14:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.06.28 18:08:25 | 000,000,386 | ---- | C] () -- C:\Windows\Tasks\LyricsContainer Update.job
[2013.06.29 15:35:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.06.29 15:35:24 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2013.07.04 18:27:31 | 007,340,032 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT
[2013.07.04 18:27:31 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG1
[2012.11.07 17:56:17 | 000,262,144 | -HS- | M] () -- C:\Users\Holger\ntuser.dat.LOG2
[2012.02.10 15:39:03 | 000,065,536 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TM.blf
[2012.02.10 15:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2012.02.10 15:39:03 | 000,524,288 | -HS- | M] () -- C:\Users\Holger\NTUSER.DAT{cad24155-a394-11de-b32f-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2012.02.10 15:38:11 | 000,000,020 | -HS- | M] () -- C:\Users\Holger\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 04.07.2013 18:05:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holger\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,26% Memory free
6,49 Gb Paging File | 5,37 Gb Available in Paging File | 82,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 381,52 Gb Free Space | 40,96% Space Free | Partition Type: NTFS
Drive F: | 970,99 Mb Total Space | 970,40 Mb Free Space | 99,94% Space Free | Partition Type: FAT32
Computer Name: HOLGER-PC | User Name: Holger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Holger\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0331DA4D-2307-4C7E-BE46-9CB82873E428}" = lport=138 | protocol=17 | dir=in | app=system |
"{03D85375-3A3A-48FE-9AEE-4617DEC7D22B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0669FF02-2BD7-428B-AA52-B67DB2947347}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{16AAF9F3-2FB3-41FF-ADC1-3B7F16206420}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21A92C1E-0978-4677-AF20-E19C27383FF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{22A12A28-7C6E-49A7-9FAB-858DDAB1BFE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30FB4437-C066-4383-8AC4-53FED6F47797}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3CC53869-47B6-4E1E-90DC-15C503D9AAF0}" = lport=139 | protocol=6 | dir=in | app=system |
"{4EEB4295-0EA4-4B64-89F6-9897E3F5ACE0}" = rport=139 | protocol=6 | dir=out | app=system |
"{53C4D485-1E50-463D-B508-5822D746CD87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5515C630-8357-405F-A382-D79036E23286}" = lport=137 | protocol=17 | dir=in | app=system |
"{59DD4CFE-DB04-4DCF-BD7F-2DE3E2406076}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5AFB4514-CB2D-4796-8F8C-73241C92E0E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5CFE42AB-EB50-4CC4-B3EC-1C3460BFC498}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{732A891C-9CCF-4599-ADDE-759CE25C9810}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7DA5C0DB-6C74-49FB-92F7-6A32D29B2569}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81267526-8AB5-4114-AF24-0E11CB68B534}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{85591CB7-A919-4C45-A7E7-CACB0E4B9388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DF854DE-5042-407B-AFE5-345D3C33995E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8F3F2388-5344-4186-8DB6-8D76DE37F9EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CE20871-660E-4A8C-881E-49E4D36F7636}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E17FF8C-4952-4E39-AF78-6DF1FEA21ED9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A1336387-ECF9-4A46-A741-2CE0E41204F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{A15DBE7D-726D-4D4C-AFE6-6E9ED61EA4D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A5E904E3-1119-44F9-A8CE-6B0A2AEEC5F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE1CCFCA-5BDE-482E-83CB-ED2067E2D21E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE668B0D-FB70-47B9-BFE9-B7FA9001B322}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAA06476-489B-4A15-B32D-91D8FA641F41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1271583-A6E7-47CF-9FFB-AB75C78465BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{D145D87B-4ED4-45D0-ADC9-FA5E4FBDE81B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E739C108-AE95-4524-A8FA-CF35C3A7CB03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E8819F79-3C5C-4FA7-9284-B18BC232B464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F992BE4B-95D9-47A5-A9AA-21BDF7C02D29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08144B55-69CB-4998-91C8-C7D6EB0FB5F8}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1534E421-3C9E-427F-A68B-D9AEEB5627B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{17CA971E-3C24-43FA-98A6-DD3F2A78A0EE}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1AD05EF1-2F10-4D29-A417-E07A04FB7BF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BB799D8-8D57-4552-93C1-14013439BC9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3171555D-7C7B-450F-9163-0243D8198F36}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{457B581D-56CB-4577-B1A8-D51C32EB0D80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E57EFA1-1DB8-41E3-9DD7-E8F4B072AC41}" = protocol=6 | dir=out | app=system |
"{4F75F2B8-AE57-4595-8D75-AACFE44207F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5076A597-F231-4E92-9E05-04DAADAD4C1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56021AA7-0E96-47AA-8991-221658F785AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D2ADD46-6113-48B3-A784-885A3E42A972}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DA6C287-8AB1-496A-9F55-A91647628432}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{70AA4508-3A9E-4925-9963-D43A2451BE71}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{7976D2F2-1FCD-4784-90E6-93D85D0B6F35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B7A7FD4-A0FC-44B2-8A01-2DFB6E58EEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{918B0116-F04C-447B-8D44-4EE66D68B5A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0A3BDFD-4F80-438D-BCD0-D7019D198FEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C31551ED-296A-4880-9BAB-026F9F906960}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{CE49C996-0FA2-4BBA-9F0F-AFAB0B727AD4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\napoleon total war\napoleon.exe |
"{D28AB5A9-D7AF-4D74-B2D5-225EEFBCF781}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DBD98D11-6EE5-4363-9CEB-01C2DBC53BDA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DBF407B3-C4FA-4463-95C2-C59A1CFBAE17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F08D3732-FCDC-480C-8721-7AB4D6DBBD6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3C5C700-E8D3-4E31-8884-17F5487EBD17}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F3D9C719-8726-4E6F-8320-41D7C6C434BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F471D408-5E23-4738-A0F0-E204B1B34D58}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{207269DF-184A-4ABB-A906-1FDC73763F40}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{44B3835B-FC63-4B2D-8DC3-AF80C05FF60C}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{82A8E81C-8F1B-4235-85A1-CB1863340628}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"TCP Query User{8B856512-C5FB-47C0-A0F6-935E422A3061}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A2E1E85E-F032-4F05-8545-4850AC155049}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{B8A7771F-AAD7-49F3-AABE-FD96E71524A2}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{E119E88E-5622-45F8-810B-B79991F1FD82}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F07806B1-DC41-4A5F-9EA7-FB6F1075FA20}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"TCP Query User{F469D50C-FCFF-4D6A-B6CB-04F3B958782D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F8F72074-71A6-46ED-BAAE-5D2E4C27CCF4}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{1C7E064B-FB83-44DA-8D4F-D447C9361D32}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"UDP Query User{3F09B813-4A83-450E-A74C-64B030E52DA6}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"UDP Query User{50ABE301-DCBA-4C9A-B68B-ED8BE8B3C664}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{5E97B175-D71A-42DD-B2E2-E6A1F3A1634D}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{5F7DDD8F-BF48-4217-81D0-FE9F0DE23FAE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{75E7D6A2-5631-4CF2-ADD6-4B78E866EC03}C:\program files\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader\jre\bin\javaw.exe |
"UDP Query User{8194F4F0-9B0E-4647-907E-867B8B7EE6FA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{82F1AFEF-09B5-4564-B6E4-8320C5E9E5E6}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{D87A1B09-31DE-4D7A-9710-D476B9918E3E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{EAB4C42F-A7EF-4411-AE01-7AD139076159}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai
"{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.4
"{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish
"{1A1F62AB-B8D6-1769-923D-365F963D51F9}" = WMV9/VC-1 Video Playback
"{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard
"{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English
"{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian
"{37E7D5C3-AF57-4103-851F-076E8AAFC03E}" = Minecraft
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9FB449-93DB-4C47-BB5B-7334C4D1736E}" = SD Formatter
"{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian
"{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese
"{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean
"{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish
"{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6641AAF6-1979-48AF-A372-376AEBA3AD45}" = eComic
"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE7A656-A244-47C6-BB05-D412820FDA3C}" = calibre
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
"{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek
"{B9C2CE12-9597-7EEF-1EA1-48D8B6B0DA15}" = AMD Drag and Drop Transcoding
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch
"{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{E6FE96CE-99C3-42DE-AD9B-E0A63BD7805D}_is1" = FastestTube-1.3.7.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs
"{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All
"{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"CoView_is1" = CoView
"Denken und Rechnen 1" = Denken und Rechnen 1
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"FastestTube" = FastestTube
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"Google Chrome" = Google Chrome
"Hardcopy" = Hardcopy
"InstallShield_{015C057F-D7B9-4D82-B266-FBCF0178F382}" = USB Audio/Video Driver
"InstallShield_{459F8ABE-28DB-4F9E-9F96-3149C332FA83}" = Lernwerkstatt 7
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"lrcsTube@hansanddeta.com" = LyricsTube
"Lyrics@LyricsContainer.co" = LyricsContainer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PrintKey2000" = PrintKey2000
"Ravensburger tiptoi" = Ravensburger tiptoi
"Steam App 34030" = Napoleon: Total War
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 03.07.2013 12:58:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 03.07.2013 16:07:30 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b
ID
des fehlerhaften Prozesses: 0x29c Startzeit der fehlerhaften Anwendung: 0x01ce7828ee97acd9
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 300d3e77-e41c-11e2-b368-00138ff9b6fa
Error - 03.07.2013 16:27:06 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b
ID
des fehlerhaften Prozesses: 0xd3c Startzeit der fehlerhaften Anwendung: 0x01ce782bac990b2a
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ecf69e9e-e41e-11e2-b368-00138ff9b6fa
Error - 04.07.2013 10:19:13 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FRST.exe, Version: 0.0.0.0, Zeitstempel:
0x4f25baec Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064f96 ID des fehlerhaften Prozesses:
0xf88 Startzeit der fehlerhaften Anwendung: 0x01ce78c173cc17d9 Pfad der fehlerhaften
Anwendung: C:\Users\Holger\Desktop\FRST.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
b2f1573f-e4b4-11e2-90c9-00138ff9b6fa
Error - 04.07.2013 10:27:01 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b
ID
des fehlerhaften Prozesses: 0xc4c Startzeit der fehlerhaften Anwendung: 0x01ce78c28ba277fb
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ca23351f-e4b5-11e2-90c9-00138ff9b6fa
Error - 04.07.2013 11:21:14 | Computer Name = Holger-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
1701\Tools\Tages\DrvSetup_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 04.07.2013 11:27:03 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b
ID
des fehlerhaften Prozesses: 0xc78 Startzeit der fehlerhaften Anwendung: 0x01ce78caeda064b6
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2ccf2d84-e4be-11e2-a81f-00138ff9b6fa
Error - 04.07.2013 12:27:02 | Computer Name = Holger-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version:
11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b
ID
des fehlerhaften Prozesses: 0x7dc Startzeit der fehlerhaften Anwendung: 0x01ce78d34f3864eb
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 8e3ea5bf-e4c6-11e2-a81f-00138ff9b6fa
[ System Events ]
Error - 04.07.2013 10:15:28 | Computer Name = Holger-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?07.?2013 um 22:36:44 unerwartet heruntergefahren.
Error - 04.07.2013 10:14:41 | Computer Name = Holger-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.07.2013 10:15:37 | Computer Name = Holger-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
Error - 04.07.2013 10:15:37 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 04.07.2013 10:17:39 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error - 04.07.2013 10:17:39 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 04.07.2013 10:45:18 | Computer Name = Holger-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.07.2013 10:45:31 | Computer Name = Holger-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
Error - 04.07.2013 10:45:31 | Computer Name = Holger-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 04.07.2013 11:32:42 | Computer Name = Holger-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
< End of report >