| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Skype VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.10.2012, 19:25
| #1 |
| |  Skype Virus Hallo, ich fass mich am besten kurz. Neulich habe ich von einem Freund per Skype diese Message erhalten: "moin, kaum zu glauben was für schöne fotos von dir auf deinem profil? hxxp://www.goo.gl/YeuCY?img=*****" Nichts wissend habe ich drauf geklickt und erst nachher geahnt dass es ein Virus ist. Was richtet dieser Virus an und wie kann ich diesen entfernen? Danke und Gruß Geändert von bär1011 (29.10.2012 um 19:42 Uhr) |
|
29.10.2012, 19:39
| #2 |
| /// Malware-holic   | Skype Virus hi,
__________________1. informiere deinen freund, er hat nen trojaner auf dem pc. 2. informiere alle deine kontakte, denn du sendest solche nachichten nun auch automatisch an diese. jeder der den link geöffnet hatt, muss wiederum seine kontakte informieren, usw. usw. sie können sich natürlich alle hier melden. 3. überprüfe alle nachichten zu allen kontakten nach infektionszeitpunkt, suche dort diese nachicht oder ähnliche, sammle mir die links ein und sende sie per privater nachicht.
__________________ |
|
29.10.2012, 19:45
| #3 |
| | Skype Virus Ok, bei 4 Kontakten wird das nicht schwer sein. Meine Frage war, ob der Trojaner Schaden anrichtet?
__________________ |
|
29.10.2012, 21:42
| #4 |
| /// Malware-holic | Skype Virus ja natürlich, aber mach erst mal das, was da steht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.10.2012, 22:05
| #5 |
| | Skype Virus Ich habe bereits alle angeschrieben. Hinzufügung: Ich habe zwar auf den Link geklickt, wurde aber auf eine Seite weitergeleitet irgendwas mit 403 forbidden. Ich habe also nichts gedownloadet. AVG findet nichts und unter Appdata/roaming sind keine exe-Dateien zu finden. Es scheint so, als ob ich mich nicht infiziert habe. Jedenfalls kann ich im Chatverlauf keine ungewollten von mir abgesendeten Nachrichten mit Links an Freunden sehen. |
|
31.10.2012, 19:40
| #6 |
| /// Malware-holic | Skype Virus Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ --> Skype Virus |
|
02.12.2012, 11:33
| #7 |
| | Skype Virus Hallo, sorry dass der Scan jetzt erst kommt. Da ich keine Symptome auf den ersten Blick erkennen konnte, dachte ich, es wäre alles normal. Doch als ich gestern mich bei Paypal einloggen wollte, fand ich nur eine Seite ohne Bilder und Text. Egal wie oft ich mich einloggte. Seit heute kann ich mich gar nicht mehr einloggen, das Passwort soll falsch sein. Auch das Zurücksetzen funktionierte nicht, der Server nahm meine Antworten auf die Sicherheitsfragen nicht an. Wurde mein Account gehackt? Vielen vielen Dank für deine Hilfe!! OTL.txt Code:
ATTFilter OTL Extras logfile created on: 02.12.2012 10:56:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,65% Memory free
7,96 Gb Paging File | 6,08 Gb Available in Paging File | 76,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 718,47 Gb Free Space | 55,82% Space Free | Partition Type: NTFS
Drive H: | 110,00 Gb Total Space | 60,92 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.7K2Q6P2BZ3UW6BPOIKYIXGSOX4] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB61C7F-B42A-43ED-84DD-2B08A7645781}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{17B81468-B158-4661-AB3C-BE8D91B2A0CD}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{4B7E2924-D424-4A1D-9FE7-EC161BE3C330}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8C4FEBD3-BEA9-417B-B8E8-EF23E313CAC6}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{9F38857E-1A1A-4AA6-A2C9-B37C62EE5F2E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{A52C9964-5EE0-42E6-8EB2-87919A18629A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B00529E2-92DE-445F-947E-68E42D8B78FD}" = lport=6500 | protocol=17 | dir=in | name=petroglyph |
"{B793E9FD-B420-4D7F-A1A7-C63BB622E6CF}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{DB6892DA-F442-4699-9A10-6DBD93BB3F48}" = lport=13139 | protocol=17 | dir=in | name=petroglyph |
"{FF4133AA-B96E-40AB-8863-A431348515D9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030D23AA-0169-4360-8A8A-D38EAC5CD3D3}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{06A06391-3EF5-47B5-BA29-0E8ACCBA2179}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{0728662F-90D4-4E2E-BF75-4EA909E11976}" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"{09F9CF09-8A36-45B7-8446-649CF47AF590}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{0E2A3AE9-23FC-4EEF-9A01-19F136CC199C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0E3EB4FE-BA0F-49ED-A90A-DEB714901860}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0F258BF6-B39F-4EB7-A953-A64F4778AA34}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{1184A7AC-1F05-4007-A5A4-F69C6DD76DD5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{12F2D569-EE07-462A-859A-1B37944FC45D}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{16E27250-5F72-478B-9548-5262A85EB4B9}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{21CF0650-5327-49EC-82FC-95BA43DE1EED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{227B880F-6F31-4181-85D5-607CE5FFD0C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{23538A35-1CBF-46AF-925E-400238F9D777}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{2918672A-3E03-4095-8D46-477494B46370}" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"{2B99F6F2-093B-493B-93EA-2C5D3DCE03A7}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{2D17B715-C090-4B2C-8EA2-1AAFA744E826}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{31970236-3CAB-46E9-B139-0AECD6B2B02D}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{324D9D14-ACA0-48D8-AE5E-AC1C52CC0115}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37F8DA30-A68E-484B-BB4C-D7B1B5AE6487}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3F1C604E-4FC8-4C3D-8346-2A7544CD49DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{420A551F-911C-4585-98AC-5A6613C10321}" = protocol=6 | dir=in | app=c:\users\user\desktop\jdwonloader\rld-me3b\mass effect 3\binaries\win32\masseffect3.exe |
"{43224B52-3B42-43CE-9A98-6C4328489DF1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{44C3C8BD-C555-4C50-A151-1D4924F90C55}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{450D43D5-F8BF-4130-845C-1CB5E2E6A13D}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{472B1902-AA28-4B2D-8410-8DD35432FFE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4A4C5206-A1A2-4597-A4A7-78DC063D960D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4AE276C5-624F-4AD2-A32F-03F0C1539ADE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4BC1FFD2-EDC6-4F6E-A75E-84C80C4D092A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4F7C781D-B42C-4686-A4B6-8136D645546D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{51903944-B3C6-46BF-9C6C-6A711E59D3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{54646135-6E63-40BA-BFB0-790A2E9307ED}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{56D5FD44-C7FD-4A78-A895-DC3B5B637B25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{57A2A3A1-773A-495C-ABDD-62D47F0CC3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{5898CC56-1340-4B21-AFC2-E6E2BEF87465}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{589ED00F-2B46-4F19-8B60-04C1E73194C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{5CA61C62-50DA-4336-B738-FB80766FFE89}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{5E13BBBC-5AF9-4136-9281-3B3E1804639E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5FF40B1A-D1C6-4E12-AC80-0658C08FA94C}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe |
"{60710EF1-335B-44CC-9980-F113C15D1232}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{60B65C5C-E199-4D4E-83CB-1C1F680F5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe |
"{61533F59-4185-4EA0-AB7F-825927AFA7B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{61695591-AAD5-4EC3-99EE-07C967E90187}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{676E9803-1068-4E62-BC7D-45A9CC10BBEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{68C36906-080A-418B-941D-30A4C7E9B50A}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{692CD04B-B384-4AC9-891C-A3600CCBF58B}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6C267841-1853-4D65-8B79-BE0DC54CAE96}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{73466BBA-973A-4ABB-822D-149844F3465E}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe |
"{7534C730-FCB1-4157-AB1D-A13D74D4EAEB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{77684E18-240D-4734-9EC7-3782F37C3833}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{7993A6BF-D633-47AB-8C38-7D8BA73B68C0}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe |
"{7A1D6D07-9638-46FB-AB26-5E82F9204C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{7AF99A92-4E54-481E-ACAA-91849603CAFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{7F680970-27C3-45A7-AAC4-C539570C7A16}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe |
"{8AD0284A-D093-4FAE-A196-7E2525539B80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8B9E8C28-3F04-45BA-87A3-CAFAFCBFC184}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8CAD5D2C-338E-49F6-9C0A-DEEF05E8A717}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8F2C74FB-81EB-4E09-A2FD-BCEC1E14AAE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{901A56DE-2B30-474A-8767-E8B59FC5A2C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{982C9BC1-9D00-476B-8283-D8180A8C61A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9DEE0FCD-50A1-44CA-BC69-44E530D07930}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{A69510D5-A57D-4AA4-A42E-A8DCB53E2090}" = protocol=17 | dir=in | app=c:\users\user\desktop\jdwonloader\bf3\battlefield 3™\bf3.exe |
"{ABA61A61-BB20-4B57-89E3-1A487837AF21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AD45E9BD-BD59-49FD-BE5C-347156744DF2}" = protocol=17 | dir=in | app=c:\users\user\desktop\jdwonloader\rld-me3b\mass effect 3\binaries\win32\masseffect3.exe |
"{AD5734E5-E1F8-44A5-B0E7-A7AB017E41C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AE5AAE42-7DFD-49E6-ABD1-6478EFC278B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{B1346AA7-C346-4564-AEE7-E5F25D8A1721}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{B33388F4-6EC3-4D67-9661-80C476BC1CA1}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{B33E10DC-4FF4-451D-88EC-19C461C70EDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4A4F151-151B-46D5-9E21-D965CD803FF7}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{B7699084-BACD-4159-87D6-2727EA772CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{BCD2CF24-CDA6-4AAB-BD9C-D1EE8A062D65}" = protocol=6 | dir=in | app=c:\users\user\desktop\jdwonloader\bf3\battlefield 3™\bf3.exe |
"{BEF5BD71-4BBE-4049-8107-E189DD166431}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C3FB0EF4-BED1-4A2D-9AA9-343AB4482AB1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{C4A7D9A7-94BE-4FED-83CC-716B04D633CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C915204B-C42F-4792-B846-7169BD7CBB29}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{C99F3D34-C3AB-4FD6-B562-F3D48AFCA79F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CB7C1299-CA43-4BA9-9FC1-D0872EFB287A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{CD986959-F151-41ED-A368-D5845004D3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CF110977-38A0-46FA-B645-840C1654426F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D3C16309-1322-4286-8086-D84969F5BAD5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D3E43C94-A062-4D93-BE97-3878C56DAA82}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe |
"{DD884E61-8B5F-4924-A429-807CEEF5DF1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF84B358-A639-41AF-9886-A9EFC083403E}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{E00136B9-EA6F-4462-BDFB-850E081C3404}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E1C10977-5284-4C72-9F00-3534F59A9234}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{E2363B58-410E-4F3E-BE77-649DF9995540}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E27F747D-3330-4FBF-9F65-11675CD1F17F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E393C0F2-5831-4CC0-8FDF-EB077C99717D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E5068D9B-B5B0-4982-BDAA-88718C51F8C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E5DF582F-BB54-48B7-95B4-B3FD3A7CFC44}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{EB245090-BA4C-4CB6-A8B8-48A6417D3EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{ED01D032-3379-4EA1-8BE6-97ABF9293042}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EDE3173E-1F55-4909-875F-90B0E230F9A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{F5034D1D-DBF8-418F-B6B8-CBCB69A2F7D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FD44B630-6715-4687-98DF-CCE5B12B676D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"TCP Query User{06F4102F-C994-4C9A-85D7-EC8F9DA3E2D6}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe |
"TCP Query User{150356E9-C0FC-4AC9-A6F8-5CBDA23FA5AB}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{18BAC189-48DB-4009-B598-719FF97E942A}C:\program files (x86)\fifa 12\game\fifa (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa (2).exe |
"TCP Query User{2B745A81-5109-4FCD-BA94-9555E8E2DF00}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{82EACC23-502E-4B24-9D83-782C398063DB}C:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{84819144-7F7C-4941-AEE5-5E6D11DA36AB}C:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"TCP Query User{ADA8044C-DFEE-40AD-A609-73AC047472DC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{AE0A9BE9-1A39-47C9-B658-D3C34D3EA14A}C:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{B27ACCBE-53D9-4276-8B72-BF56A3382666}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{BC317EDD-7A16-43A9-A69B-C7C26911F14E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C85911BC-E325-4F30-94B9-0A3124D4BD11}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe |
"TCP Query User{DFE28DB4-1140-4A5D-A463-7F2092894E5D}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe |
"TCP Query User{FAC56270-E706-47EE-B79D-2B068CC70C25}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe |
"TCP Query User{FB4B0C83-2AC7-420D-8B69-9DDFEC8191B4}C:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{18F2A427-E9CD-4BB3-9F76-51E79EAF6E91}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{25BBC1D3-8FD4-4643-A887-139E08A2863E}C:\program files (x86)\fifa 12\game\fifa (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa (2).exe |
"UDP Query User{38099B30-482F-4313-AA41-C734E85A3E47}C:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{3A34C171-3A6D-4382-A8E4-C62BCA8D46DA}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe |
"UDP Query User{3E04C44C-5DFD-4294-890C-51E6C795288D}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe |
"UDP Query User{5765CDF9-04E5-4FF4-B8E8-86197A8AD39B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{5BD3EB5B-C4D6-4A63-BA11-8E59D41A7422}C:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{67E1ABC0-6611-4263-B124-7BCB530636E2}C:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"UDP Query User{9BA14C52-1B5E-4CC7-9433-97F18120FF47}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{AB4B1155-FCB3-4F33-A5D7-595A5F2C7A96}C:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{B273CDB6-F947-465C-9493-D5DD00491B2A}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe |
"UDP Query User{C91467B7-5C22-4827-B087-CF157AE88704}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe |
"UDP Query User{F6A374CD-63AC-43BB-A402-3C915E853E89}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{F9A8F4C8-6342-4ED6-8E39-BCF743E6C768}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95140000-00FF-042A-1000-0000000FF1CE}" = Microsoft Office Language Interface Pack 2010 - Tiếng Việt
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sandboxie" = Sandboxie 3.62 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D6E77E1-5898-4778-B2B8-378F4554D6C9}_is1" = StarcCaft Gold Edition
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1" = Need for Speed: The Run
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{35524018-624B-4596-8CD3-059AD2C770B2}" = Nuance PaperPort 14
"{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D83E500-4D0C-11DF-A750-005056C00008}" = Paragon Alignment Tool™ 2.0
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{560C6F9C-8D5E-4EAF-B408-98850E5DF49C}" = Nuance OmniPage 18
"{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}" = Langenscheidt T1 7.0
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = Franzis onlineTV 6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal Demo
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5E88F7C-E626-4ACF-971C-986CD532E839}" = calibre
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK Wireless LAN Driver and Utility
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C92009DE-648D-11DE-8E47-000C29905608}" = Paragon Disk Wiper™ 10 Personal
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D05DA216-EE7D-4967-98C0-8F7D990B95B9}" = Steganos Trace Destructor 12
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38AD1B2-1385-4D94-8BD6-652A757A0054}_is1" = ePUBee DRM Removal 1.3.2
"{F69FF549-DD4E-40A4-A92A-1E4A082F848F}_is1" = M4A MP3 Converter v4.3 build 1025
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7
"Borderlands 2_is1" = Borderlands 2
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CloneDVD2" = CloneDVD2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.1
"Diablo III" = Diablo III
"Diercke Globus Online" = Diercke Globus Online
"Digital Editions" = Adobe Digital Editions
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ePubDRMRemoval" = ePub DRM Removal
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.7.608
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.4.1228
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GameSpy Arcade" = GameSpy Arcade
"Generic USB 102 Sound" = USB Audio Device
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Hama Gamepad FIFA08 Patch" = Hama Gamepad FIFA08 Patch
"HotspotShield" = Hotspot Shield 2.67
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"iTunesDBCloner" = iTunes DB Cloner
"Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software
"KindleDRMRemoval" = Kindle DRM Removal
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaJoin" = MediaJoin
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0 (x86 de)" = Mozilla Thunderbird 10.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDFePubRMRemoval" = PDF ePub DRM Removal
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RealPoker_is1" = Real Poker
"RMPrepUSB" = RMPrepUSB
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.7
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 44320" = DiRT 3
"TMM90" = TELL ME MORE
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltraISO_is1" = UltraISO Premium V9.52
"UltraStar Deluxe" = UltraStar Deluxe
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.2
"Xilisoft PDF to EPUB Converter" = Xilisoft PDF to EPUB Converter
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3010
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3010
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5007
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5007
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
[ System Events ]
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:45 | Computer Name = user-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 02.12.2012 05:46:45 | Computer Name = user-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
< End of report >
Extras.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.12.2012 10:56:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,65% Memory free
7,96 Gb Paging File | 6,08 Gb Available in Paging File | 76,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1287,16 Gb Total Space | 718,47 Gb Free Space | 55,82% Space Free | Partition Type: NTFS
Drive H: | 110,00 Gb Total Space | 60,92 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.7K2Q6P2BZ3UW6BPOIKYIXGSOX4] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB61C7F-B42A-43ED-84DD-2B08A7645781}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{17B81468-B158-4661-AB3C-BE8D91B2A0CD}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{4B7E2924-D424-4A1D-9FE7-EC161BE3C330}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8C4FEBD3-BEA9-417B-B8E8-EF23E313CAC6}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{9F38857E-1A1A-4AA6-A2C9-B37C62EE5F2E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{A52C9964-5EE0-42E6-8EB2-87919A18629A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B00529E2-92DE-445F-947E-68E42D8B78FD}" = lport=6500 | protocol=17 | dir=in | name=petroglyph |
"{B793E9FD-B420-4D7F-A1A7-C63BB622E6CF}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{DB6892DA-F442-4699-9A10-6DBD93BB3F48}" = lport=13139 | protocol=17 | dir=in | name=petroglyph |
"{FF4133AA-B96E-40AB-8863-A431348515D9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030D23AA-0169-4360-8A8A-D38EAC5CD3D3}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{06A06391-3EF5-47B5-BA29-0E8ACCBA2179}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{0728662F-90D4-4E2E-BF75-4EA909E11976}" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"{09F9CF09-8A36-45B7-8446-649CF47AF590}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{0E2A3AE9-23FC-4EEF-9A01-19F136CC199C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0E3EB4FE-BA0F-49ED-A90A-DEB714901860}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0F258BF6-B39F-4EB7-A953-A64F4778AA34}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{1184A7AC-1F05-4007-A5A4-F69C6DD76DD5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{12F2D569-EE07-462A-859A-1B37944FC45D}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{16E27250-5F72-478B-9548-5262A85EB4B9}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{21CF0650-5327-49EC-82FC-95BA43DE1EED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{227B880F-6F31-4181-85D5-607CE5FFD0C2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{23538A35-1CBF-46AF-925E-400238F9D777}" = protocol=6 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{2918672A-3E03-4095-8D46-477494B46370}" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"{2B99F6F2-093B-493B-93EA-2C5D3DCE03A7}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{2D17B715-C090-4B2C-8EA2-1AAFA744E826}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{31970236-3CAB-46E9-B139-0AECD6B2B02D}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{324D9D14-ACA0-48D8-AE5E-AC1C52CC0115}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37F8DA30-A68E-484B-BB4C-D7B1B5AE6487}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3F1C604E-4FC8-4C3D-8346-2A7544CD49DC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{420A551F-911C-4585-98AC-5A6613C10321}" = protocol=6 | dir=in | app=c:\users\user\desktop\jdwonloader\rld-me3b\mass effect 3\binaries\win32\masseffect3.exe |
"{43224B52-3B42-43CE-9A98-6C4328489DF1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{44C3C8BD-C555-4C50-A151-1D4924F90C55}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{450D43D5-F8BF-4130-845C-1CB5E2E6A13D}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{472B1902-AA28-4B2D-8410-8DD35432FFE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4A4C5206-A1A2-4597-A4A7-78DC063D960D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4AE276C5-624F-4AD2-A32F-03F0C1539ADE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4BC1FFD2-EDC6-4F6E-A75E-84C80C4D092A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{4F7C781D-B42C-4686-A4B6-8136D645546D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{51903944-B3C6-46BF-9C6C-6A711E59D3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{54646135-6E63-40BA-BFB0-790A2E9307ED}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{56D5FD44-C7FD-4A78-A895-DC3B5B637B25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{57A2A3A1-773A-495C-ABDD-62D47F0CC3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\rtl8185 wireless lan utility\rtwlan.exe |
"{5898CC56-1340-4B21-AFC2-E6E2BEF87465}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{589ED00F-2B46-4F19-8B60-04C1E73194C3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{5CA61C62-50DA-4336-B738-FB80766FFE89}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{5E13BBBC-5AF9-4136-9281-3B3E1804639E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5FF40B1A-D1C6-4E12-AC80-0658C08FA94C}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe |
"{60710EF1-335B-44CC-9980-F113C15D1232}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{60B65C5C-E199-4D4E-83CB-1C1F680F5CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe |
"{61533F59-4185-4EA0-AB7F-825927AFA7B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{61695591-AAD5-4EC3-99EE-07C967E90187}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe |
"{676E9803-1068-4E62-BC7D-45A9CC10BBEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{68C36906-080A-418B-941D-30A4C7E9B50A}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{692CD04B-B384-4AC9-891C-A3600CCBF58B}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6C267841-1853-4D65-8B79-BE0DC54CAE96}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{73466BBA-973A-4ABB-822D-149844F3465E}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ereg\ereg.exe |
"{7534C730-FCB1-4157-AB1D-A13D74D4EAEB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{77684E18-240D-4734-9EC7-3782F37C3833}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{7993A6BF-D633-47AB-8C38-7D8BA73B68C0}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\omnipage18.exe |
"{7A1D6D07-9638-46FB-AB26-5E82F9204C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{7AF99A92-4E54-481E-ACAA-91849603CAFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{7F680970-27C3-45A7-AAC4-C539570C7A16}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe |
"{8AD0284A-D093-4FAE-A196-7E2525539B80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8B9E8C28-3F04-45BA-87A3-CAFAFCBFC184}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8CAD5D2C-338E-49F6-9C0A-DEEF05E8A717}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8F2C74FB-81EB-4E09-A2FD-BCEC1E14AAE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{901A56DE-2B30-474A-8767-E8B59FC5A2C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{982C9BC1-9D00-476B-8283-D8180A8C61A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{9DEE0FCD-50A1-44CA-BC69-44E530D07930}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{A69510D5-A57D-4AA4-A42E-A8DCB53E2090}" = protocol=17 | dir=in | app=c:\users\user\desktop\jdwonloader\bf3\battlefield 3™\bf3.exe |
"{ABA61A61-BB20-4B57-89E3-1A487837AF21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AD45E9BD-BD59-49FD-BE5C-347156744DF2}" = protocol=17 | dir=in | app=c:\users\user\desktop\jdwonloader\rld-me3b\mass effect 3\binaries\win32\masseffect3.exe |
"{AD5734E5-E1F8-44A5-B0E7-A7AB017E41C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{AE5AAE42-7DFD-49E6-ABD1-6478EFC278B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{B1346AA7-C346-4564-AEE7-E5F25D8A1721}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{B33388F4-6EC3-4D67-9661-80C476BC1CA1}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{B33E10DC-4FF4-451D-88EC-19C461C70EDB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4A4F151-151B-46D5-9E21-D965CD803FF7}" = protocol=17 | dir=in | app=c:\program files (x86)\kabel deutschland\installations-software\kdi.exe |
"{B7699084-BACD-4159-87D6-2727EA772CF6}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{BCD2CF24-CDA6-4AAB-BD9C-D1EE8A062D65}" = protocol=6 | dir=in | app=c:\users\user\desktop\jdwonloader\bf3\battlefield 3™\bf3.exe |
"{BEF5BD71-4BBE-4049-8107-E189DD166431}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C3FB0EF4-BED1-4A2D-9AA9-343AB4482AB1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{C4A7D9A7-94BE-4FED-83CC-716B04D633CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{C915204B-C42F-4792-B846-7169BD7CBB29}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{C99F3D34-C3AB-4FD6-B562-F3D48AFCA79F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CB7C1299-CA43-4BA9-9FC1-D0872EFB287A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{CD986959-F151-41ED-A368-D5845004D3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{CF110977-38A0-46FA-B645-840C1654426F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D3C16309-1322-4286-8086-D84969F5BAD5}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D3E43C94-A062-4D93-BE97-3878C56DAA82}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\omnipage18\ppmv.exe |
"{DD884E61-8B5F-4924-A429-807CEEF5DF1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF84B358-A639-41AF-9886-A9EFC083403E}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\rtl8187b wireless lan utility\rtwlan.exe |
"{E00136B9-EA6F-4462-BDFB-850E081C3404}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E1C10977-5284-4C72-9F00-3534F59A9234}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\future soldier.exe |
"{E2363B58-410E-4F3E-BE77-649DF9995540}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E27F747D-3330-4FBF-9F65-11675CD1F17F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E393C0F2-5831-4CC0-8FDF-EB077C99717D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E5068D9B-B5B0-4982-BDAA-88718C51F8C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E5DF582F-BB54-48B7-95B4-B3FD3A7CFC44}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{EB245090-BA4C-4CB6-A8B8-48A6417D3EAA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{ED01D032-3379-4EA1-8BE6-97ABF9293042}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EDE3173E-1F55-4909-875F-90B0E230F9A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's ghost recon future soldier\gu.exe |
"{F5034D1D-DBF8-418F-B6B8-CBCB69A2F7D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{FD44B630-6715-4687-98DF-CCE5B12B676D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"TCP Query User{06F4102F-C994-4C9A-85D7-EC8F9DA3E2D6}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe |
"TCP Query User{150356E9-C0FC-4AC9-A6F8-5CBDA23FA5AB}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{18BAC189-48DB-4009-B598-719FF97E942A}C:\program files (x86)\fifa 12\game\fifa (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa (2).exe |
"TCP Query User{2B745A81-5109-4FCD-BA94-9555E8E2DF00}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{82EACC23-502E-4B24-9D83-782C398063DB}C:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{84819144-7F7C-4941-AEE5-5E6D11DA36AB}C:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"TCP Query User{ADA8044C-DFEE-40AD-A609-73AC047472DC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{AE0A9BE9-1A39-47C9-B658-D3C34D3EA14A}C:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{B27ACCBE-53D9-4276-8B72-BF56A3382666}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{BC317EDD-7A16-43A9-A69B-C7C26911F14E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C85911BC-E325-4F30-94B9-0A3124D4BD11}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe |
"TCP Query User{DFE28DB4-1140-4A5D-A463-7F2092894E5D}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe |
"TCP Query User{FAC56270-E706-47EE-B79D-2B068CC70C25}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe |
"TCP Query User{FB4B0C83-2AC7-420D-8B69-9DDFEC8191B4}C:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{18F2A427-E9CD-4BB3-9F76-51E79EAF6E91}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{25BBC1D3-8FD4-4643-A887-139E08A2863E}C:\program files (x86)\fifa 12\game\fifa (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa (2).exe |
"UDP Query User{38099B30-482F-4313-AA41-C734E85A3E47}C:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{3A34C171-3A6D-4382-A8E4-C62BCA8D46DA}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2 (2).exe |
"UDP Query User{3E04C44C-5DFD-4294-890C-51E6C795288D}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (2).exe |
"UDP Query User{5765CDF9-04E5-4FF4-B8E8-86197A8AD39B}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{5BD3EB5B-C4D6-4A63-BA11-8E59D41A7422}C:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{67E1ABC0-6611-4263-B124-7BCB530636E2}C:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\starcraft ii.exe |
"UDP Query User{9BA14C52-1B5E-4CC7-9433-97F18120FF47}C:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{AB4B1155-FCB3-4F33-A5D7-595A5F2C7A96}C:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\sc2\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{B273CDB6-F947-465C-9493-D5DD00491B2A}C:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii (3).exe |
"UDP Query User{C91467B7-5C22-4827-B087-CF157AE88704}C:\program files (x86)\gta iv complete edition\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta iv complete edition\gtaiv.exe |
"UDP Query User{F6A374CD-63AC-43BB-A402-3C915E853E89}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{F9A8F4C8-6342-4ED6-8E39-BCF743E6C768}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}" = PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95140000-00FF-042A-1000-0000000FF1CE}" = Microsoft Office Language Interface Pack 2010 - Tiếng Việt
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CD7A262C-287E-41DD-A0F7-733856252C6B}" = Nuance PDF Create 7
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Sandboxie" = Sandboxie 3.62 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D6E77E1-5898-4778-B2B8-378F4554D6C9}_is1" = StarcCaft Gold Edition
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F121516-E175-4E0B-AC4D-42DD5164E396}_is1" = Need for Speed: The Run
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{35524018-624B-4596-8CD3-059AD2C770B2}" = Nuance PaperPort 14
"{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D83E500-4D0C-11DF-A750-005056C00008}" = Paragon Alignment Tool™ 2.0
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{560C6F9C-8D5E-4EAF-B408-98850E5DF49C}" = Nuance OmniPage 18
"{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}" = Langenscheidt T1 7.0
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = Franzis onlineTV 6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65F8E0A6-A290-4D47-B391-D6353D756854}" = Pro Evolution Soccer 2013 DEMO
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 11 Personal Demo
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 11 Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ac3600d2-e1b3-4573-bef7-73f9409d6393}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5E88F7C-E626-4ACF-971C-986CD532E839}" = calibre
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK Wireless LAN Driver and Utility
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C92009DE-648D-11DE-8E47-000C29905608}" = Paragon Disk Wiper™ 10 Personal
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D05DA216-EE7D-4967-98C0-8F7D990B95B9}" = Steganos Trace Destructor 12
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EAC2DDAB-5035-44EE-AA13-65D40CF46FF1}" = Kabel Deutschland Installations-Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38AD1B2-1385-4D94-8BD6-652A757A0054}_is1" = ePUBee DRM Removal 1.3.2
"{F69FF549-DD4E-40A4-A92A-1E4A082F848F}_is1" = M4A MP3 Converter v4.3 build 1025
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7
"Borderlands 2_is1" = Borderlands 2
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CloneDVD2" = CloneDVD2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.1
"Diablo III" = Diablo III
"Diercke Globus Online" = Diercke Globus Online
"Digital Editions" = Adobe Digital Editions
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EasyBCD" = EasyBCD 2.1.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ePubDRMRemoval" = ePub DRM Removal
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.7.608
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 5.0.4.1228
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"Freemake Video Downloader_is1" = Freemake Video Downloader
"GameSpy Arcade" = GameSpy Arcade
"Generic USB 102 Sound" = USB Audio Device
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Hama Gamepad FIFA08 Patch" = Hama Gamepad FIFA08 Patch
"HotspotShield" = Hotspot Shield 2.67
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"iTunesDBCloner" = iTunes DB Cloner
"Kabel Deutschland Installations-Software" = Kabel Deutschland Installations-Software
"KindleDRMRemoval" = Kindle DRM Removal
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaJoin" = MediaJoin
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 10.0 (x86 de)" = Mozilla Thunderbird 10.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDFePubRMRemoval" = PDF ePub DRM Removal
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"RealPoker_is1" = Real Poker
"RMPrepUSB" = RMPrepUSB
"Rockstar Games Social Club" = Rockstar Games Social Club
"SopCast" = SopCast 3.4.7
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 44320" = DiRT 3
"TMM90" = TELL ME MORE
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UltraISO_is1" = UltraISO Premium V9.52
"UltraStar Deluxe" = UltraStar Deluxe
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"WinPcapInst" = WinPcap 4.1.2
"Xilisoft PDF to EPUB Converter" = Xilisoft PDF to EPUB Converter
"XviD4PSP5_is1" = XviD4PSP 5.10.271.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
"XBMC" = XBMC
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3010
Error - 06.11.2012 14:17:39 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3010
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
Error - 06.11.2012 14:17:40 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5007
Error - 06.11.2012 14:17:41 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5007
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006
Error - 06.11.2012 14:17:42 | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006
[ System Events ]
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
hpqcxs08 erreicht.
Error - 02.12.2012 05:46:20 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpqcxs08" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 02.12.2012 05:46:45 | Computer Name = user-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 02.12.2012 05:46:45 | Computer Name = user-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
< End of report >
Edit: Und ich hatte beim Hochfahren den Fehler "Server ausgelastet" !! |
|
03.12.2012, 15:36
| #8 |
| /// Malware-holic | Skype Virus Das ist 2mal Extras.txt. OTL.txt fehlt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.12.2012, 17:22
| #9 |
| | Skype Virus Sorry, hier ist die OTl.txt. Ich habe schonmal alle wichtigen Daten gesichert, falls der PC nicht mehr zu retten ist. OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.12.2012 10:56:34 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,42 Gb Available Physical Memory | 60,65% Memory free 7,96 Gb Paging File | 6,08 Gb Available in Paging File | 76,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1287,16 Gb Total Space | 718,47 Gb Free Space | 55,82% Space Free | Partition Type: NTFS Drive H: | 110,00 Gb Total Space | 60,92 Gb Free Space | 55,38% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.02 10:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe PRC - [2012.11.20 19:42:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe PRC - [2012.10.24 14:48:53 | 000,843,208 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.11 08:33:54 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.10.11 08:33:52 | 000,966,072 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.10.09 08:17:54 | 000,580,096 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.04.11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe PRC - [2012.04.10 14:42:32 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.04.10 14:42:28 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.12.30 11:26:06 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe PRC - [2011.10.28 18:53:10 | 000,219,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2011.09.16 13:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011.08.04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.01.15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe PRC - [2010.01.08 13:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe PRC - [2010.01.08 13:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe PRC - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe PRC - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 12:45:21 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll MOD - [2012.11.17 12:45:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 12:44:25 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll MOD - [2012.11.15 03:27:15 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll MOD - [2012.11.15 03:26:58 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll MOD - [2012.11.15 03:26:46 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll MOD - [2012.11.15 03:20:39 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll MOD - [2012.11.15 03:20:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll MOD - [2012.11.15 03:20:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll MOD - [2012.11.15 03:20:33 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll MOD - [2012.11.15 03:20:26 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll MOD - [2012.08.03 02:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2012.04.11 01:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ========== Services (SafeList) ========== SRV - [2012.11.20 19:42:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2012.10.29 19:11:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.09 17:23:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.03 02:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.08.03 02:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2012.08.03 02:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.08.03 02:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.06.21 14:27:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.04.28 11:34:42 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.04.10 14:42:32 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.04.10 14:42:28 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.04.04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.07 01:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.12.30 11:26:06 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.10.28 18:53:10 | 000,219,496 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.07.08 11:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk) SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B) SRV - [2009.12.07 12:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe -- (Realtek8185) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.07.24 21:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.10 15:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2012.05.10 15:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2012.03.26 22:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012.03.07 01:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.03.02 05:13:58 | 000,029,184 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.09.03 15:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64) DRV:64bit: - [2010.07.08 14:18:38 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.06.23 08:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.05.28 13:24:56 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2010.03.23 01:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012.03.02 05:13:58 | 000,021,504 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 13 D6 CB 64 13 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={EA3D4176-851F-4FD9-8CF0-E51C6A739143}&mid=bafa9b39e38147d082906de783077a40-0f8157e09022074fbd8fd00d4ffb22e5603e9892&lang=de&ds=AVG&pr=pr&d=2012-06-03 15:46:57&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bewerbung-tipps.com/forum/ | hxxp://www.sueddeutsche.de/thema/Bewerbung" FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1 FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.16.0 FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.2 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.449 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.449 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..network.proxy.http: "64.85.181.44" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\user\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.02.07 16:18:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.07 16:19:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 19:11:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.02.07 18:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.07 16:19:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 19:11:44 | 000,000,000 | ---D | M] [2012.02.07 16:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.12.01 13:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kit07p6s.default\extensions [2012.06.04 18:52:03 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kit07p6s.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.10.03 11:33:36 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kit07p6s.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012.09.01 23:12:28 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\kit07p6s.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2012.12.01 13:56:19 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.26 19:39:46 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.26 19:39:50 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.25 14:17:17 | 000,000,853 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\searchplugins\11-suche.xml [2012.09.25 14:17:17 | 000,002,209 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\searchplugins\englische-ergebnisse.xml [2012.09.25 14:17:17 | 000,010,506 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\searchplugins\gmx-suche.xml [2012.09.25 14:17:17 | 000,002,368 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\searchplugins\lastminute.xml [2012.09.25 14:17:17 | 000,005,489 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\kit07p6s.default\searchplugins\webde-suche.xml [2012.10.29 19:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 19:11:41 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2012.10.29 19:11:44 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 17:43:41 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={EA3D4176-851F-4FD9-8CF0-E51C6A739143}&mid=bafa9b39e38147d082906de783077a40-0f8157e09022074fbd8fd00d4ffb22e5603e9892&lang=de&ds=AVG&pr=pr&d=2012-06-03 15:46:57&v=11.1.0.12&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\user\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - Extension: Adblock Plus = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\ Hosts file not found O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Cm102Sound] C:\Windows\Syswow64\cm102.cpl (C-Media Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1026B054-06CA-4C66-937B-287F34A98C94}: DhcpNameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E41D9C8-BCE9-45A8-923F-C2F25A35D34D}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9f7ddc1f-b9f4-11e1-9f2d-bcaec5e393b3}\Shell - "" = AutoRun O33 - MountPoints2\{9f7ddc1f-b9f4-11e1-9f2d-bcaec5e393b3}\Shell\AutoRun\command - "" = J:\setup.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {07e84f41-11d5-4615-aaf6-368df0762b41} - C:\ProgramData\Duden\dkreg.exe /dktray=off /csapi=off /ALLUSERS ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk - - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig:64bit - StartUpReg: TrojanScanner - hkey= - key= - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.24 20:09:36 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bewerbung Klusmeier [2012.11.21 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Theta [2012.11.21 09:50:18 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Assassin's Creed III [2012.11.20 19:41:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.18 12:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.16 16:43:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Brice_Lambson [2012.11.16 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows [2012.11.16 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resizer for Windows [2012.11.16 16:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows [2012.11.15 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2012.11.15 16:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2012.11.15 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs [2012.11.09 14:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [5 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.02 10:52:42 | 000,050,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 10:52:42 | 000,050,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.02 10:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.02 10:44:19 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.02 10:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.02 10:43:33 | 3207,323,648 | -HS- | M] () -- C:\hiberfil.sys [2012.12.01 21:44:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2333394163-3188622868-1219506514-1000UA.job [2012.12.01 21:44:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.01 13:05:55 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2333394163-3188622868-1219506514-1000Core.job [2012.11.29 20:19:14 | 000,002,481 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2012.11.29 14:46:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.29 14:46:58 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.29 14:46:58 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.29 14:46:58 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.29 14:46:58 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.23 15:23:14 | 000,001,198 | ---- | M] () -- C:\Users\user\Desktop\AC3SP - Verknüpfung.lnk [2012.11.20 19:42:14 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.11.20 19:42:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.11.20 19:41:55 | 000,001,205 | ---- | M] () -- C:\Users\user\Desktop\Uplay.lnk [2012.11.17 21:40:43 | 000,179,827 | ---- | M] () -- C:\Users\user\Documents\422.jpg [2012.11.17 21:34:49 | 000,146,331 | ---- | M] () -- C:\Users\user\Documents\123456.jpg [2012.11.16 16:46:40 | 000,123,867 | ---- | M] () -- C:\Users\user\Desktop\brief von bank.jpg [2012.11.16 16:45:47 | 000,150,485 | ---- | M] () -- C:\Users\user\Desktop\führerschein rückseite (Medium).jpg [2012.11.16 16:43:36 | 000,151,316 | ---- | M] () -- C:\Users\user\Desktop\führerschein vorderseite (Medium).jpg [2012.11.16 16:38:50 | 002,119,325 | ---- | M] () -- C:\Users\user\Desktop\20121116_163850.jpg [2012.11.16 16:28:43 | 002,036,206 | ---- | M] () -- C:\Users\user\Desktop\führerschein rückseite.jpg [2012.11.16 16:28:29 | 002,038,573 | ---- | M] () -- C:\Users\user\Desktop\führerschein vorderseite.jpg [2012.11.15 03:48:17 | 000,430,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.09 14:58:36 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [5 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ] [10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.23 15:23:14 | 000,001,198 | ---- | C] () -- C:\Users\user\Desktop\AC3SP - Verknüpfung.lnk [2012.11.20 19:41:55 | 000,001,205 | ---- | C] () -- C:\Users\user\Desktop\Uplay.lnk [2012.11.18 12:19:30 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.11.17 21:40:40 | 000,179,827 | ---- | C] () -- C:\Users\user\Documents\422.jpg [2012.11.17 21:34:45 | 000,146,331 | ---- | C] () -- C:\Users\user\Documents\123456.jpg [2012.11.16 16:46:40 | 000,123,867 | ---- | C] () -- C:\Users\user\Desktop\brief von bank.jpg [2012.11.16 16:45:47 | 000,150,485 | ---- | C] () -- C:\Users\user\Desktop\führerschein rückseite (Medium).jpg [2012.11.16 16:45:32 | 002,119,325 | ---- | C] () -- C:\Users\user\Desktop\20121116_163850.jpg [2012.11.16 16:44:54 | 002,036,206 | ---- | C] () -- C:\Users\user\Desktop\führerschein rückseite.jpg [2012.11.16 16:43:36 | 000,151,316 | ---- | C] () -- C:\Users\user\Desktop\führerschein vorderseite (Medium).jpg [2012.11.16 16:33:43 | 002,038,573 | ---- | C] () -- C:\Users\user\Desktop\führerschein vorderseite.jpg [2012.11.15 03:22:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.15 03:08:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.10.25 21:26:15 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.07.23 19:10:14 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.06.19 11:14:47 | 000,002,241 | ---- | C] () -- C:\Users\user\.heldEinstellungen4_1.xml [2012.06.19 11:14:46 | 000,000,363 | ---- | C] () -- C:\Users\user\.dsa4.properties [2012.05.23 18:55:36 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db [2012.05.17 14:17:13 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll [2012.04.22 17:16:49 | 001,977,934 | ---- | C] () -- C:\Users\user\SGTA400 [2012.04.11 18:45:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012.03.25 16:49:41 | 000,006,912 | ---- | C] () -- C:\Windows\SysWow64\update.dat [2012.03.25 16:49:41 | 000,006,912 | ---- | C] () -- C:\Windows\SysWow64\supdate2.dll [2012.03.07 00:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.03.02 15:43:02 | 000,105,174 | ---- | C] () -- C:\ProgramData\1330697215.bdinstall.bin [2012.03.02 14:56:40 | 000,183,327 | ---- | C] () -- C:\ProgramData\1330696440.bdinstall.bin [2012.02.07 18:55:39 | 000,238,312 | ---- | C] () -- C:\Windows\hpwins26.dat.temp [2012.02.07 17:42:34 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.07 17:23:13 | 000,000,680 | RHS- | C] () -- C:\Users\user\ntuser.pol [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.12 16:49:32 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll [2012.01.12 16:49:32 | 001,527,650 | ---- | C] () -- C:\Windows\SysWow64\fftw3.dll [2012.01.12 16:49:32 | 000,140,288 | ---- | C] () -- C:\Windows\SysWow64\avsfilter.dll [2012.01.12 16:49:32 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\AvsRecursion.dll [2012.01.12 16:49:31 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\avisynth_c.dll [2012.01.05 21:04:01 | 000,947,408 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe [2011.12.30 16:41:08 | 000,000,421 | ---- | C] () -- C:\Users\user\.swfinfo [2011.12.22 14:47:35 | 000,000,556 | ---- | C] () -- C:\Windows\eReg.dat [2011.12.17 13:47:22 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.12.17 13:47:22 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.11.26 21:03:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\mupkernps11.dll [2011.11.20 13:49:43 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp [2011.10.28 18:10:36 | 000,034,481 | ---- | C] () -- C:\Windows\MAXLINK.INI [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.08.12 15:41:56 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011.08.12 15:28:53 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM102rm.dll [2011.08.12 15:28:53 | 000,000,196 | ---- | C] () -- C:\Windows\Cm102.ini.cfl [2011.08.12 15:27:03 | 000,002,550 | R--- | C] () -- C:\Windows\Cm102.ini.cfg [2011.08.08 19:21:57 | 000,000,565 | ---- | C] () -- C:\Users\user\AppData\Roaming\myMPQ.ini [2011.08.08 18:00:22 | 000,002,200 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.08.08 14:31:21 | 000,238,975 | ---- | C] () -- C:\Windows\hpwins26.dat [2011.08.05 10:20:02 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2011.08.05 10:20:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll [2011.08.05 10:20:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2011.08.05 10:20:02 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll [2011.08.03 17:44:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.08.03 14:06:51 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.08.03 14:06:48 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.08.03 14:06:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.04 17:46:11 | 000,031,861 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011.05.04 17:36:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.05.04 17:36:37 | 000,021,576 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2007.06.21 16:11:24 | 000,000,266 | ---- | C] () -- C:\Program Files (x86)\Common Files\hama.de - Download-Area Gamecontroller.url ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.24 12:13:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.oit [2012.07.23 19:32:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AAV [2012.09.29 16:34:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013 [2012.06.11 16:37:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\calibre [2012.02.07 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited [2012.10.31 20:19:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon [2012.02.07 16:34:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\concept design [2012.10.29 22:05:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Diercke Globus Online [2012.08.08 18:58:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Duden [2012.07.04 16:00:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.11 16:26:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eBookConverter [2012.03.31 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular [2012.07.31 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeAudioPack [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeCDRipper [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FreeMoviesToDVD [2012.02.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn [2012.07.14 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech [2011.12.23 00:54:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mirabyte [2012.06.08 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mobipocket [2012.04.06 12:43:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MP3toiPodAudioBookConverter [2012.07.24 11:36:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance [2012.02.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2012.04.20 16:37:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Petroglyph [2012.09.03 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ProtectDisc [2012.01.20 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan [2012.07.05 16:15:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\redsn0w [2012.05.17 13:47:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\runic games [2012.10.24 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung [2012.07.24 11:37:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ScanSoft [2012.05.23 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\shared [2012.02.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Simply Super Software [2012.02.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SlySoft [2012.06.02 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Steganos [2012.05.05 12:34:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synthesia [2012.02.07 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\The Creative Assembly [2012.11.21 09:53:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Theta [2012.02.07 18:55:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird [2012.02.07 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software [2012.06.23 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft [2012.09.15 09:55:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ultrastardx [2012.08.17 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WindSolutions [2012.04.24 20:00:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\XBMC [2012.08.22 11:59:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xilisoft [2012.06.19 12:16:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Zeon ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.13 08:54:25 | 000,000,000 | -H-D | M] -- C:\$AVG [2012.02.07 15:59:24 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR [2009.07.14 06:09:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.02.07 17:09:19 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS [2012.02.07 16:56:10 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q [2011.08.03 21:02:26 | 000,000,000 | ---D | M] -- C:\8a69c83ecef8a1ecfc3c53 [2012.02.06 16:59:16 | 000,000,000 | ---D | M] -- C:\9d05bdd959312f5287c86d105da0 [2012.11.29 14:34:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.04 17:14:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.11.20 19:28:20 | 000,000,000 | ---D | M] -- C:\downloads [2012.10.23 09:06:55 | 000,000,000 | -HSD | M] -- C:\found.000 [2012.06.19 12:19:04 | 000,000,000 | -H-D | M] -- C:\Gladinet [2012.08.21 09:59:54 | 000,000,000 | ---D | M] -- C:\Hotspot Shield [2011.05.04 17:46:17 | 000,000,000 | ---D | M] -- C:\Intel [2012.07.23 18:36:44 | 000,000,000 | ---D | M] -- C:\Langenscheidt T1 7_0 [2012.10.23 18:00:02 | 000,000,000 | ---D | M] -- C:\MMS [2012.02.09 16:17:52 | 000,000,000 | -H-D | M] -- C:\msdownld.tmp [2011.08.15 21:37:29 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.07.14 13:14:57 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.16 16:38:08 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.16 16:38:07 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.11.15 16:41:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.05.04 17:14:39 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.07 17:22:51 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.05 16:00:31 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.08.08 18:00:59 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.12.02 10:58:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.11.18 12:30:29 | 000,000,000 | ---D | M] -- C:\Temp [2012.03.05 17:55:24 | 000,000,000 | ---D | M] -- C:\Users [2012.11.20 19:42:32 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.31 11:03:14 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333394163-3188622868-1219506514-1000Core.job [2012.03.31 11:03:15 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2333394163-3188622868-1219506514-1000UA.job [2012.04.07 12:01:01 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.07.28 13:54:11 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.07.28 13:54:13 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2008.04.14 11:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=F697644D5F59050FBE6AF896C19CCA93 -- C:\Program Files (x86)\ePUBee DRM Removal\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012.10.08 09:02:17 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.06.22 14:34:45 | 000,000,363 | ---- | M] () -- C:\Users\user\.dsa4.properties [2012.06.19 11:14:47 | 000,002,241 | ---- | M] () -- C:\Users\user\.heldEinstellungen4_1.xml [2011.12.30 16:41:45 | 000,000,421 | ---- | M] () -- C:\Users\user\.swfinfo [2012.12.02 11:22:53 | 008,912,896 | -HS- | M] () -- C:\Users\user\ntuser.dat [2012.12.02 11:22:53 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG1 [2012.02.07 16:15:44 | 000,000,000 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG2 [2012.02.07 16:15:46 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.02.07 16:15:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.02.07 16:15:46 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.10.28 20:00:39 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{183dd501-1dcb-11e2-89f0-bcaec5e393b3}.TM.blf [2012.10.28 20:00:39 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{183dd501-1dcb-11e2-89f0-bcaec5e393b3}.TMContainer00000000000000000001.regtrans-ms [2012.10.28 20:00:39 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{183dd501-1dcb-11e2-89f0-bcaec5e393b3}.TMContainer00000000000000000002.regtrans-ms [2012.02.07 17:23:11 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini [2012.02.07 17:23:13 | 000,000,680 | RHS- | M] () -- C:\Users\user\ntuser.pol [2011.11.14 22:06:48 | 001,977,934 | ---- | M] () -- C:\Users\user\SGTA400 [2012.05.14 14:34:46 | 000,000,518 | ---- | M] () -- C:\Users\user\umbrella0.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 809 bytes -> C:\Users\user\Documents\E ticket Tran Thi Khanh.eml:OECustomProperty @Alternate Data Stream - 773 bytes -> C:\Users\user\Documents\E Ticket Tran Duc.eml:OECustomProperty @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A303874F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FD9CE1F3 < End of report > |
|
| Themen zu Skype Virus |
| beste, besten, e-mail, entferne, entfernen, erhalte, erhalten, fotos, freund, geklickt, glaube, message, neulich, profil, richtet, schöne, skype, skype virus, virus |
