Quincy79 | 02.04.2013 20:09 | Hallo Leo,
so die gewünschten Daten AdwCleaner Code:
# AdwCleaner v2.115 - Datei am 02/04/2013 um 20:21:42 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : buntepudel - BUNTEPUDEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\buntepudel\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : IB Updater
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\buntepudel\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\buntepudel\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\buntepudel\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\buntepudel\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B068AFE-DE09-4EDA-BB1A-9D9BDDCB286D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BBF2C25-44C6-4252-8CAC-E00D30390613}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D8361B3-6317-4B43-BF67-10C61B8BE074}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B068AFE-DE09-4EDA-BB1A-9D9BDDCB286D}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12206 octets] - [02/04/2013 20:21:42]
########## EOF - C:\AdwCleaner[S1].txt - [12267 octets] ########## Combofix Code:
omboFix 13-04-02.01 - buntepudel 02.04.2013 20:34:00.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3326.1964 [GMT 2:00]
ausgeführt von:: c:\users\buntepudel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-2466529717-2772133240-2852527027-1000\$87e7496d519f3441179914277f337ed4\@
c:\$recycle.bin\S-1-5-21-2466529717-2772133240-2852527027-1000\$87e7496d519f3441179914277f337ed4\n
c:\$recycle.bin\S-1-5-21-2466529717-2772133240-2852527027-1000\$87e7496d519f3441179914277f337ed4\U\00000001.@
c:\$recycle.bin\S-1-5-21-2466529717-2772133240-2852527027-1000\$87e7496d519f3441179914277f337ed4\U\80000000.@
c:\$recycle.bin\S-1-5-21-2466529717-2772133240-2852527027-1000\$87e7496d519f3441179914277f337ed4\U\800000cb.@
c:\users\buntepudel\AppData\Roaming\.#
c:\users\buntepudel\AppData\Roaming\.#\MBX@10E8@342740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@10E8@342770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1178@1462740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1178@1462770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1260@13F2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1260@13F2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1334@1532740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1334@1532770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1470@1692740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1470@1692770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1480@1812740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1480@1812770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1568@1F2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1568@1F2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1578@15A2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1578@15A2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@15F8@14A2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@15F8@14A2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1628@2D2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1628@2D2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@162C@15F2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@162C@15F2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1744@1712740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1744@1712770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1790@1532740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1790@1532770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@17C4@262740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@17C4@262770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1C34@1342740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@1C34@1342770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@4D8@15F2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@4D8@15F2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@A60@15B2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@A60@15B2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@AA8@14D2740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@AA8@14D2770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@B54@1592740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@B54@1592770.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@C4C@1412740.###
c:\users\buntepudel\AppData\Roaming\.#\MBX@C4C@1412770.###
c:\users\buntepudel\AppData\Roaming\Tudyud
c:\users\buntepudel\AppData\Roaming\Tudyud\xeni.uvd
c:\users\buntepudel\AppData\Roaming\Ykucd
c:\users\buntepudel\AppData\Roaming\Ykucd\syuv.wux
c:\windows\IsUn0407.exe
c:\windows\msvcr71.dll
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-02 bis 2013-04-02 ))))))))))))))))))))))))))))))
.
.
2013-04-02 18:47 . 2013-04-02 18:47 -------- d-----w- c:\users\buntepudel\AppData\Local\temp
2013-04-02 18:47 . 2013-04-02 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 16:16 . 2013-04-02 18:35 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05BA4B28-A75B-42EB-A5AF-587867330FC5}\offreg.dll
2013-04-02 14:32 . 2013-04-02 14:32 -------- d-----w- c:\users\buntepudel\AppData\Roaming\Malwarebytes
2013-04-02 14:32 . 2013-04-02 14:32 -------- d-----w- c:\programdata\Malwarebytes
2013-04-02 14:32 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 14:31 . 2013-04-02 14:31 -------- d-----w- c:\users\buntepudel\AppData\Local\Programs
2013-03-30 12:53 . 2013-03-30 12:53 -------- d-----w- c:\users\buntepudel\AppData\Local\ElevatedDiagnostics
2013-03-29 06:04 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05BA4B28-A75B-42EB-A5AF-587867330FC5}\mpengine.dll
2013-03-26 06:22 . 2013-03-26 06:22 952 --sha-w- c:\programdata\KGyGaAvL.sys
2013-03-26 06:22 . 2013-03-26 06:22 -------- d-----w- c:\users\buntepudel\AppData\Roaming\Corel
2013-03-26 06:20 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 08:31 . 2012-04-01 05:27 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 08:31 . 2011-05-18 04:26 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-14 06:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 06:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 00:28 . 2010-01-26 14:37 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 21:17 . 2013-02-27 22:48 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 22:48 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 22:48 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 22:48 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 22:48 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 22:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 22:48 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 22:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 22:48 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 22:48 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 20:30 . 2013-02-27 22:48 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 20:22 . 2013-02-27 22:48 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 22:48 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 20:09 . 2013-02-27 22:48 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 22:48 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 22:48 1504768 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:54 . 2013-02-27 22:48 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 22:48 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 22:48 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:48 . 2013-02-27 22:48 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 22:48 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:43 . 2013-02-27 22:48 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:37 . 2013-02-27 22:48 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 22:48 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 22:48 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 22:48 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:00 . 2013-02-13 06:17 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 06:17 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 22:48 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 04:50 . 2013-02-13 06:17 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 06:17 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 06:17 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 06:17 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-07-04 366024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-11 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.buntepudel.de/
IE: Free YouTube to Mp3 Converter - c:\users\buntepudel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Udcemivyog - c:\users\buntepudel\AppData\Roaming\Zului\deexq.exe
SafeBoot-BsScanner
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Internet Designer Pro - c:\windows\unin0407.exe
AddRemove-PerfectFTP - c:\windows\unin0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-02 20:49:06
ComboFix-quarantined-files.txt 2013-04-02 18:49
.
Vor Suchlauf: 5 Verzeichnis(se), 857.581.191.168 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 858.874.650.624 Bytes frei
.
- - End Of File - - 26A3902A108AF2DE15430056D267DF43 OTL2. Code:
OTL logfile created on: 02.04.2013 20:52:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\buntepudel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,10% Memory free
6,50 Gb Paging File | 5,41 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 799,95 Gb Free Space | 87,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,15 Gb Free Space | 55,75% Space Free | Partition Type: NTFS
Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive L: | 930,86 Gb Total Space | 872,83 Gb Free Space | 93,77% Space Free | Partition Type: NTFS
Computer Name: BUNTEPUDEL-PC | User Name: buntepudel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.02 18:19:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\buntepudel\Desktop\OTL.exe
PRC - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe
PRC - [2012.12.19 21:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.12.19 21:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.12.19 16:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.07.17 15:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2012.07.17 15:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.07.04 06:55:38 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\IncMail.exe
PRC - [2011.07.04 06:55:38 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\ImApp.exe
PRC - [2011.07.01 07:02:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 06:47:24 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.04 08:26:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.21 10:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.14 00:28:19 | 013,320,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\644c7ea915fec7bec489a9a12e17b98f\System.Web.ni.dll
MOD - [2013.02.14 00:28:11 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\be794c59743c08f79144dcb474736cdf\System.Windows.Forms.ni.dll
MOD - [2013.02.07 00:50:58 | 018,542,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\4792d470ad2624ee7ba192acfeb995af\PresentationFramework.ni.dll
MOD - [2013.02.07 00:50:47 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\027830f39c1a8bdee5714a6ef1b2e904\PresentationCore.ni.dll
MOD - [2013.02.07 00:50:45 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a595bfbd401ddaea721588f5e88af1a9\System.Runtime.Remoting.ni.dll
MOD - [2013.02.07 00:50:38 | 007,561,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\130613a664d9a4237b5b22c3c80f6d96\System.Xml.ni.dll
MOD - [2013.02.07 00:50:38 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2babe75a82d04a34e07e65c46b1e9b82\System.Core.ni.dll
MOD - [2013.02.07 00:50:38 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e9a738f9691d3f4547a538d528dd8d2d\WindowsBase.ni.dll
MOD - [2013.02.07 00:50:36 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d8e2d3037c3d36f5a7c763970400e79c\System.Drawing.ni.dll
MOD - [2013.02.07 00:50:34 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f1d702efac188b6774d5134b13fc341a\System.Xaml.ni.dll
MOD - [2013.02.07 00:50:34 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\3249b5065782afda9ed38b3796d96072\System.Configuration.ni.dll
MOD - [2013.02.07 00:50:32 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\84371136df209abcd5fbf89db89f2e97\System.ni.dll
MOD - [2013.02.07 00:50:26 | 016,544,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\506bcca8d286f754825f3f1b0bf64894\mscorlib.ni.dll
MOD - [2012.12.19 16:31:12 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.07.04 06:55:39 | 000,071,112 | ---- | M] () -- C:\Programme\IncrediMail\Bin\wlessfp1.dll
MOD - [2011.07.04 06:55:38 | 000,267,720 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImLookExU.dll
MOD - [2011.07.04 06:55:38 | 000,132,552 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImComUtlU.dll
MOD - [2011.07.04 06:55:38 | 000,079,304 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImAppRU.dll
MOD - [2011.06.06 12:13:11 | 001,000,784 | ---- | M] () -- C:\Programme\IncrediMail\Bin\AE\ActionEngine.dll
MOD - [2011.01.26 00:59:46 | 000,107,896 | ---- | M] () -- C:\Programme\IncrediMail\Bin\PMC.dll
MOD - [2009.11.02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV - [2013.03.13 10:31:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.19 21:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.12.19 16:30:54 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.17 15:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.11.25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.07.01 07:02:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.28 06:47:24 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 10:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.04.29 15:44:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\BUNTEP~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.12.19 22:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.12.19 21:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.11.06 13:11:46 | 000,084,992 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.04.09 10:13:58 | 000,048,256 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.2)
DRV - [2011.11.16 13:02:21 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.11.16 13:02:17 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.11.16 13:02:17 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2011.07.01 07:02:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 07:02:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.25 07:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.02.13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buntepudel.de/
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\..\SearchScopes\{0A2D14AE-5153-469F-BC82-9B09CB5192ED}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\buntepudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.04.02 20:47:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2466529717-2772133240-2852527027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\buntepudel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66254C79-DF5A-4C90-9FED-EC385CDA21D2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.02 20:49:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.02 20:49:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.02 20:49:07 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\AppData\Local\temp
[2013.04.02 20:31:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.02 20:31:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.02 20:31:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.02 20:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.02 20:27:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.02 20:20:40 | 005,046,606 | R--- | C] (Swearware) -- C:\Users\buntepudel\Desktop\ComboFix.exe
[2013.04.02 18:19:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\buntepudel\Desktop\OTL.exe
[2013.04.02 16:32:31 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\AppData\Roaming\Malwarebytes
[2013.04.02 16:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.02 16:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.02 16:32:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.02 16:32:16 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\Desktop\Malwarebytes' Anti-Malware
[2013.04.02 16:31:11 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\AppData\Local\Programs
[2013.04.02 16:30:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\buntepudel\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.30 14:53:39 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\AppData\Local\ElevatedDiagnostics
[2013.03.26 08:22:14 | 000,000,000 | ---D | C] -- C:\Users\buntepudel\AppData\Roaming\Corel
[2013.03.26 08:20:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 23:36:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 23:36:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 23:36:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 23:36:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 23:36:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 23:36:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 23:36:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 23:36:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2013.04.02 20:55:20 | 000,728,516 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.02 20:55:20 | 000,658,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.02 20:55:20 | 000,158,608 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.02 20:55:20 | 000,126,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 20:51:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.02 20:51:08 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 20:47:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.02 20:30:41 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 20:30:41 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 20:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 20:21:01 | 005,046,606 | R--- | M] (Swearware) -- C:\Users\buntepudel\Desktop\ComboFix.exe
[2013.04.02 20:20:29 | 000,609,993 | ---- | M] () -- C:\Users\buntepudel\Desktop\adwcleaner.exe
[2013.04.02 18:21:36 | 000,000,000 | ---- | M] () -- C:\Users\buntepudel\defogger_reenable
[2013.04.02 18:19:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\buntepudel\Desktop\OTL.exe
[2013.04.02 18:16:57 | 000,377,856 | ---- | M] () -- C:\Users\buntepudel\Desktop\qcy0zru1.exe
[2013.04.02 18:16:16 | 000,050,477 | ---- | M] () -- C:\Users\buntepudel\Desktop\Defogger.exe
[2013.04.02 16:32:19 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.02 16:30:09 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\buntepudel\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.26 08:22:51 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013.03.13 10:31:00 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 10:31:00 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.04.02 20:31:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.02 20:31:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.02 20:31:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.02 20:31:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.02 20:31:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.02 20:20:29 | 000,609,993 | ---- | C] () -- C:\Users\buntepudel\Desktop\adwcleaner.exe
[2013.04.02 18:21:36 | 000,000,000 | ---- | C] () -- C:\Users\buntepudel\defogger_reenable
[2013.04.02 18:16:50 | 000,377,856 | ---- | C] () -- C:\Users\buntepudel\Desktop\qcy0zru1.exe
[2013.04.02 18:16:16 | 000,050,477 | ---- | C] () -- C:\Users\buntepudel\Desktop\Defogger.exe
[2013.04.02 16:32:19 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.03.26 08:22:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.19 22:12:44 | 018,982,400 | ---- | C] () -- C:\Windows\System32\atioglxx.dll
[2012.12.19 21:42:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.12.19 21:42:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2011.12.08 06:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.06.24 07:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\shwebsvc.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.09.26 10:34:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.26 10:31:11 | 000,015,360 | ---- | C] () -- C:\Users\buntepudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.20 15:58:13 | 000,000,000 | ---- | C] () -- C:\Users\buntepudel\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report > OTLExtra2 Code:
OTL Extras logfile created on: 02.04.2013 20:52:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\buntepudel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,10% Memory free
6,50 Gb Paging File | 5,41 Gb Available in Paging File | 83,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 799,95 Gb Free Space | 87,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,15 Gb Free Space | 55,75% Space Free | Partition Type: NTFS
Drive I: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive L: | 930,86 Gb Total Space | 872,83 Gb Free Space | 93,77% Space Free | Partition Type: NTFS
Computer Name: BUNTEPUDEL-PC | User Name: buntepudel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05093246-00D2-4C16-A426-C54AA38C3997}" = lport=138 | protocol=17 | dir=in | app=system |
"{05D51161-F550-4A68-9255-2A6AD3C8E716}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0F97BC14-F8E8-4168-A6A6-A16092CF763A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13EB5ED4-E666-4BC1-BB76-3DDBA33058D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17CC35EB-026D-43E9-B693-8180C4D0FF71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{27E08ABA-8DB9-4524-952C-D07B045695BE}" = lport=139 | protocol=6 | dir=in | app=system |
"{281DAEB2-D78A-40D6-92F7-64C79342DD71}" = lport=445 | protocol=6 | dir=in | app=system |
"{46881F6E-9DAC-4A72-8ED5-8DDAADB69A3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E56117D-707D-4D18-A403-EB1918591DF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{65B1F8A0-0B2E-49DC-AF06-AAB895CAFF7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A27CDA9-46E5-4311-854A-FC6441AC87D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A4F3C94-77E1-4E37-8EC5-AB5080422E06}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{807F6272-C16C-4BFA-9C7E-32F65B68D1CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A811504B-0781-48DB-8F65-8E26F13361B1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AFE993DB-716F-455A-8999-3052A2ECA887}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B312C563-D6E1-4E7C-AB52-34581183A7AB}" = rport=445 | protocol=6 | dir=out | app=system |
"{B38D4B32-6A2A-41A4-9083-23D867517561}" = lport=137 | protocol=17 | dir=in | app=system |
"{CDB3758F-8C88-49E3-A4EB-2B8AE2D021E6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CFC4B21F-6389-49C2-ADA7-8B634058FDCB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E39852BD-AA71-436F-99C7-E2922CF5B248}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E89B053C-DEFE-4E79-A8D1-B454514ED736}" = rport=139 | protocol=6 | dir=out | app=system |
"{ECB77BE8-019C-4C3A-BB8C-2EA36592F5B2}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1760230A-8BA3-4449-AD50-29C6F18909DB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1984DF15-29B0-4459-A936-06C6925C580E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2091DFC1-9DB7-4158-8054-9B625B60FDF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FCEA691-60CD-4845-A98C-153DB54B9231}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{434ED319-06BD-4592-8AB7-B92634D0146C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{56E7DCB1-1F47-49F5-92E2-C9FFF7B01267}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{623F0934-0F4F-45EB-8D87-E0AB354C06F2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{78B1EFBA-9A3F-4ED2-9789-ADC119199473}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B078DF7-031F-43D2-B37F-1873F08490DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8E1FF50E-2F88-407D-93A7-FC853793A060}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{8F1117BA-AF77-4798-8450-0D64CBD4BDE7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{8FD5468F-DA30-421C-96D3-71B481DAF1A6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B9ABF975-8F4E-430C-BE31-F085787998CE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C4D41DBC-7224-4AAB-B39B-1DCAAB245FDD}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E8C7ED86-DE1F-41E4-B4B6-33AA59BD22E5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F8A22678-4395-41B4-B100-184C4B3EE64B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{07EF9337-9B03-4316-9EC0-8868EF807DC1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{13B3B497-33FF-47D0-9F38-9C11EE61FAF8}C:\users\buntepudel\cvbot.exe" = protocol=6 | dir=in | app=c:\users\buntepudel\cvbot.exe |
"TCP Query User{39908425-251E-487B-AE76-290FC6D9A67B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6D6C7C41-1F23-4F6D-8C47-210714F516A3}C:\program files\cityvillebot\cvbot.exe" = protocol=6 | dir=in | app=c:\program files\cityvillebot\cvbot.exe |
"UDP Query User{07E64B41-033A-45A4-9C9D-0DE126F41B32}C:\program files\cityvillebot\cvbot.exe" = protocol=17 | dir=in | app=c:\program files\cityvillebot\cvbot.exe |
"UDP Query User{522D93A3-D3D8-49DF-A66E-5804FE8168E0}C:\users\buntepudel\cvbot.exe" = protocol=17 | dir=in | app=c:\users\buntepudel\cvbot.exe |
"UDP Query User{685A9092-EFFD-44C8-8BA9-ADF9CD918936}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D905ADE6-25E8-40D6-A7FD-8A017627C768}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{24A500E4-0B12-4D62-9973-2C7E23CCA750}" = Nero Kwik Media
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73F96ACE-9249-D04D-E569-1D611D0982BB}" = ccc-utility
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BE7D8A6-8DBC-4171-A4B6-C082A451A906}" = Audials
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A6EB60F-BC70-101B-CACE-9D7794767A3C}" = AMD Accelerated Video Transcoding
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90300407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AF1B3F09-B291-6F7D-DCE1-2899A6730428}" = AMD Drag and Drop Transcoding
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFEF4962-6E70-D68B-9680-007E83E68291}" = AMD Fuel
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F47F1D92-F4DF-4113-80B0-B58F2EB10F28}" = AMD Media Foundation Decoders
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"FastImageResizer" = FastImageResizer (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"IncrediMail" = IncrediMail 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pedigree Dog Breeder" = Pedigree Dog Breeder 1.4.2
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.08.2012 01:38:43 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\cleanup.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 31.08.2012 01:39:12 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\uninstall.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 31.08.2012 01:39:18 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\install.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 31.08.2012 07:22:32 | Computer Name = buntepudel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
Zeitstempel: 0x4fecf1b7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x68f56767 ID des fehlerhaften
Prozesses: 0xc54 Startzeit der fehlerhaften Anwendung: 0x01cd873234bfbc96 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 276461cf-f35e-11e1-b314-6c626d491e3d
Error - 31.08.2012 07:22:42 | Computer Name = buntepudel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
Zeitstempel: 0x4fecf1b7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x68756758 ID des fehlerhaften
Prozesses: 0x740 Startzeit der fehlerhaften Anwendung: 0x01cd876aee18ff0f Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: 2d86cdf1-f35e-11e1-b314-6c626d491e3d
Error - 01.09.2012 01:07:22 | Computer Name = buntepudel-PC | Source = WDSmartWareBackgroundService | ID = 0
Description =
Error - 01.09.2012 02:04:47 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\cleanup.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.09.2012 02:05:16 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\uninstall.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.09.2012 02:05:22 | Computer Name = buntepudel-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\install.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 02.09.2012 01:13:41 | Computer Name = buntepudel-PC | Source = WDSmartWareBackgroundService | ID = 0
Description =
[ System Events ]
Error - 01.04.2013 06:37:50 | Computer Name = buntepudel-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 01.04.2013 06:37:50 | Computer Name = buntepudel-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 02.04.2013 12:02:05 | Computer Name = buntepudel-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 02.04.2013 12:02:05 | Computer Name = buntepudel-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
Error - 02.04.2013 12:02:43 | Computer Name = buntepudel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
Error - 02.04.2013 12:03:13 | Computer Name = buntepudel-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
Error - 02.04.2013 12:41:00 | Computer Name = buntepudel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?04.?2013 um 18:34:25 unerwartet heruntergefahren.
Error - 02.04.2013 14:33:30 | Computer Name = buntepudel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 02.04.2013 14:37:04 | Computer Name = buntepudel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 02.04.2013 14:47:54 | Computer Name = buntepudel-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report > Gruß
Andreas |