Pests of all kinds and how to combat them: 79.111.*.* - I am recognized on the net under a wrong IP address and blocked in forums as a spambot.

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
79.111.*.* - I am recognized on the net under a wrong IP address and blocked in forums as a spambot.

Hi folks! Since yesterday I have had a problem with my IP address. Because of a game (namely: Torchlight 2) I opened a few ports, since I had no way of establishing a connection to other players. // I have since closed all of the ports again.

This morning, after about 4-5 hours of trial and error, I decided to open a small question post of my own in the Runic.de forum... and was quite dumbfounded when I suddenly got this message during the forum account registration:

Your IP 79.111.192.30 has been blocked because it is blacklisted. For details please see 79.111.192.30. An entry on the blaklist may have several reasons:
1. You are a well-known spammer.
2. Last time a well-known spammer was using the dynamic IP address which you got from your ISP (Internet Service Provider).
3. Your ISP is well-known for a lot of spamming customers and is not fighting against spammers.

First I quickly checked my cmd -> ipconfig; as expected, my fixed 192.168.*.* address is still shown there. Then I went to wieistmeineip.de... and lo and behold, there too my IP is recognized as 79.111.192.30. A bit of Google research showed that this address is registered somewhere in Moscow... I live in Moscow myself... however, this is definitely not my address... and I don't think I am a spambot either :P

My first suspicion was that I had picked up a rootkit or something similar somewhere... I first ran a quick ODT scan, as described in the forum; here are the two .txt files:

ODT.txt (OTL logfile):
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.22 16:28:59 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\Malwarebytes [2012.09.22 16:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 16:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 16:28:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.09.22 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.22 14:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.09.22 14:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.09.22 14:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.09.22 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\Avira [2012.09.22 14:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.22 14:19:22 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012.09.22 14:19:22 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.09.22 14:19:22 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012.09.22 14:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.22 14:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.09.22 13:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.09.22 13:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.22 13:31:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.09.21 23:15:45 | 
000,000,000 | ---D | C] -- C:\windows\Minidump [2012.09.21 21:38:09 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\UnknownApplicationVendor [2012.09.21 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\Documents\Tunngle [2012.09.21 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\Tunngle [2012.09.21 20:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2012.09.21 20:41:02 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\windows\SysNative\drivers\tap0901t.sys [2012.09.21 20:29:27 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\NVIDIA [2012.09.21 20:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.09.21 14:12:56 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\Documents\LOLReplay [2012.09.21 14:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOLReplay [2012.09.20 18:01:46 | 000,000,000 | -H-D | C] -- C:\Users\Baumkind\Desktop\.picasaoriginals [2012.09.20 16:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.09.20 16:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Informatik [2012.09.20 16:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.09.20 16:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.09.12 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012.09.12 22:11:15 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\uTorrent [2012.09.11 12:09:19 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\Corel [2012.09.11 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\Corel [2012.09.07 20:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.08.27 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\six-updater [2012.08.27 21:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects [2012.08.27 21:36:00 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\SIX Projects [2012.08.27 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Local\ArmA 2 OA [2012.08.27 01:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2012.08.27 01:39:08 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\six-zsync [2012.08.27 01:38:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks [2012.08.27 01:38:05 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Local\Downloaded Installations [2012.08.27 00:13:46 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\runic games [2012.08.26 21:35:04 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\Documents\ArmA 2 [2012.08.26 21:35:04 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Local\ArmA 2 [2012.08.26 00:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbatim GREEN BUTTON [2012.08.26 00:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verbatim GREEN BUTTON [2012.08.25 03:42:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat [2012.08.25 03:42:04 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat [2012.08.25 01:47:00 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\Skype [2012.08.25 01:46:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.08.25 01:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.08.25 01:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.08.25 01:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.08.25 00:12:32 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\Desktop\Beatport Music [2012.08.24 22:00:24 | 000,000,000 | ---D | C] -- C:\Users\Baumkind\AppData\Roaming\com.beatport.BeatportDownloader [2012.08.24 22:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beatport Downloader [2012.08.24 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [6 C:\windows\SysWow64\*.tmp 
files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.22 16:28:34 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 15:36:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.09.22 14:48:29 | 000,001,268 | ---- | M] () -- C:\Users\Baumkind\Desktop\Spybot - Search & Destroy.lnk [2012.09.22 14:39:42 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 14:39:42 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 14:28:03 | 2066,284,543 | -HS- | M] () -- C:\hiberfil.sys [2012.09.22 14:19:29 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.09.21 23:37:04 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\Access.dat [2012.09.21 23:36:08 | 000,000,222 | ---- | M] () -- C:\Users\Baumkind\Desktop\Torchlight II.url [2012.09.21 23:33:37 | 000,000,221 | ---- | M] () -- C:\Users\Baumkind\Desktop\Torchlight.url [2012.09.21 23:15:39 | 636,908,235 | ---- | M] () -- C:\windows\MEMORY.DMP [2012.09.21 21:05:23 | 000,294,888 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.09.21 20:14:38 | 001,550,634 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.09.21 20:14:38 | 000,665,578 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.09.21 20:14:38 | 000,627,420 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.09.21 20:14:38 | 000,133,758 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.09.21 20:14:38 | 000,110,140 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.09.21 18:54:17 | 000,000,221 | ---- | M] () -- C:\Users\Baumkind\Desktop\Borderlands 2.url [2012.09.21 14:12:55 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk 
[2012.09.20 18:01:46 | 000,024,869 | ---- | M] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-004.jpg [2012.09.20 17:58:18 | 000,020,801 | ---- | M] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-003.jpg [2012.09.20 17:52:25 | 000,154,610 | ---- | M] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-002.jpg [2012.09.20 17:44:52 | 000,204,658 | ---- | M] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-001.jpg [2012.09.20 17:35:35 | 001,964,488 | ---- | M] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer.jpg [2012.09.20 17:33:34 | 000,768,769 | ---- | M] () -- C:\Users\Baumkind\Desktop\FLYERSTREETARTPARTY.pdf [2012.09.13 00:12:04 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.09.12 22:12:25 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012.09.11 12:09:19 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.09.07 20:26:05 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012.09.07 20:26:05 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012.09.07 20:26:05 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.08.27 21:36:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.08.27 21:36:03 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012.08.27 01:46:28 | 000,000,219 | ---- | M] () -- C:\Users\Baumkind\Desktop\Left 4 Dead 2.url [2012.08.27 01:46:28 | 000,000,219 | ---- | M] () -- C:\Users\Baumkind\Desktop\Left 4 Dead 2 Add-on Support.url [2012.08.26 22:40:18 | 000,000,221 | ---- | M] () -- C:\Users\Baumkind\Desktop\ARMA 2 Operation Arrowhead.url [2012.08.26 00:42:57 | 000,000,221 | ---- | M] () -- C:\Users\Baumkind\Desktop\ARMA 2.url [2012.08.25 01:46:58 | 000,002,517 | ---- | M] () -- 
C:\Users\Public\Desktop\Skype.lnk [2012.08.24 22:00:22 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk [6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.22 16:28:34 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 14:48:29 | 000,001,268 | ---- | C] () -- C:\Users\Baumkind\Desktop\Spybot - Search & Destroy.lnk [2012.09.22 14:19:29 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.09.21 23:37:04 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\Access.dat [2012.09.21 23:36:08 | 000,000,222 | ---- | C] () -- C:\Users\Baumkind\Desktop\Torchlight II.url [2012.09.21 23:33:37 | 000,000,221 | ---- | C] () -- C:\Users\Baumkind\Desktop\Torchlight.url [2012.09.21 23:15:39 | 636,908,235 | ---- | C] () -- C:\windows\MEMORY.DMP [2012.09.21 18:54:17 | 000,000,221 | ---- | C] () -- C:\Users\Baumkind\Desktop\Borderlands 2.url [2012.09.21 14:12:55 | 000,001,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk [2012.09.21 14:12:55 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2012.09.20 18:01:46 | 000,024,869 | ---- | C] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-004.jpg [2012.09.20 17:58:18 | 000,020,801 | ---- | C] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-003.jpg [2012.09.20 17:52:25 | 000,154,610 | ---- | C] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-002.jpg [2012.09.20 17:44:52 | 000,204,658 | ---- | C] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer-001.jpg [2012.09.20 17:35:34 | 001,964,488 | ---- | C] () -- C:\Users\Baumkind\Desktop\SchulpartyFlyer.jpg [2012.09.20 17:33:34 | 000,768,769 | ---- | C] () -- C:\Users\Baumkind\Desktop\FLYERSTREETARTPARTY.pdf [2012.09.13 00:12:04 | 000,000,000 | -H-- | C] () -- 
C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.09.12 22:12:25 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012.09.11 12:09:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.08.27 21:36:03 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.08.27 21:36:03 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012.08.27 01:46:28 | 000,000,219 | ---- | C] () -- C:\Users\Baumkind\Desktop\Left 4 Dead 2.url [2012.08.27 01:46:28 | 000,000,219 | ---- | C] () -- C:\Users\Baumkind\Desktop\Left 4 Dead 2 Add-on Support.url [2012.08.26 22:40:18 | 000,000,221 | ---- | C] () -- C:\Users\Baumkind\Desktop\ARMA 2 Operation Arrowhead.url [2012.08.26 00:42:57 | 000,000,221 | ---- | C] () -- C:\Users\Baumkind\Desktop\ARMA 2.url [2012.08.25 01:46:58 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.24 22:00:22 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beatport Downloader.lnk [2012.08.24 22:00:22 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Beatport Downloader.lnk [2012.08.15 18:16:16 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin [2012.08.15 17:33:40 | 000,111,928 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2012.08.15 17:33:36 | 002,793,768 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe [2012.08.15 17:33:36 | 000,066,872 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2012.07.25 15:26:47 | 000,000,100 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini [2012.07.25 14:41:10 | 000,120,200 | ---- | C] () -- C:\windows\SysWow64\DLLDEV32i.dll [2012.03.19 23:37:12 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin [2012.03.19 23:37:12 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin [2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.03.19 22:23:38 | 013,024,256 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll 
[2012.03.15 10:19:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.15 10:01:16 | 000,001,313 | ---- | C] () -- C:\windows\THXCfg_SP_APOIM.ini [2012.03.15 10:01:16 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_HP_APOIM.ini [2012.03.15 10:01:16 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_APOIM.ini [2012.03.15 10:01:14 | 000,182,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL [2012.03.15 10:01:14 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL [2008.03.07 18:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.03.07 15:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2012.08.02 04:51:43 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\LocalLow\Microsoft\Silverlight\is\44doroe4.jit\342cglad.2oz\1\l [2012.07.31 18:35:06 | 000,000,043 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3664255064-580672183-1075423204-1001\$R4KZ0MU\n.gif [2009.07.14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini ========== LOP Check ========== [2012.08.24 22:00:24 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\com.beatport.BeatportDownloader [2012.09.20 18:37:13 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\DVDVideoSoft [2012.07.27 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.04 03:18:30 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\Image-Line [2012.07.25 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\LolClient [2012.07.25 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\MAGIX [2012.08.27 00:13:46 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\runic games [2012.08.27 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\six-updater [2012.08.27 01:39:08 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\six-zsync [2012.08.31 
01:17:11 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\TS3Client
[2012.07.25 23:01:30 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\ts3overlay
[2012.09.22 06:07:56 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\Tunngle
[2012.09.21 21:38:09 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\UnknownApplicationVendor
[2012.09.12 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\uTorrent
[2012.07.28 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\Baumkind\AppData\Roaming\Vodafone

========== Purity Check ==========

< End of report >

Extra.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 22.09.2012 17:04:59 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Baumkind\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 3,85 Gb Available Physical Memory | 48,69% Memory free
15,80 Gb Paging File | 11,12 Gb Available in Paging File | 70,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 411,91 Gb Total Space | 84,75 Gb Free Space | 20,58% Space Free | Partition Type: NTFS
Drive D: | 274,60 Gb Total Space | 269,14 Gb Free Space | 98,01% Space Free | Partition Type: NTFS
Drive E: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BAUMKIND-MSI | User Name: Baumkind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3664255064-580672183-1075423204-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{179DB465-E670-4320-9B9A-8481DC202F9C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{590F768A-D66F-4EC0-8D03-7CDD86C9A3DA}" = rport=4171 | protocol=17 | dir=out | name=tl2 4171 out |
"{613FC915-876E-4D70-B41D-F64D38996D1D}" = lport=4171 | protocol=17 | dir=in | name=torchlight 2 port 4171 |
"{AFE7C32D-378B-44D7-B3FE-454E9C994879}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BD54F953-9936-4302-996B-AAAC2A426466}" = lport=4171 | protocol=17 | dir=in | name=torchlight 2 port 4171 |
"{C32BBAC3-F5CF-4E81-BF14-130822313CF3}" = lport=4171
| protocol=17 | dir=in | name=torchlight 2 port 4171 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{063EBE60-BA1B-4E98-B15B-D338226E7A05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{118AC277-061E-44FB-90D0-3309500B3962}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{13D398FB-04D8-490F-9A9B-18104E85D275}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{1488E09F-B330-48DD-9ED3-621F14FF4627}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{15DC98DE-49CA-4B46-BD0A-4CA8E6498337}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{17A708E8-6FA6-482F-8419-5BE666FE1EB6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | "{1B2486FF-306B-46ED-997D-258418F95001}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1B6185FC-9DD3-4193-BB1C-1C08BEBE6D97}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1F2D4616-7F66-4CBB-87CF-0C19AFFA3520}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{1FA333D6-F5C3-485C-A2A2-8313B554002D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "{209A2DEA-3788-4823-9DC9-8A8B323C14E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{222E80B1-8437-4B91-84AD-CF5F66135702}" = dir=in | app=c:\users\baumkind\appdata\local\microsoft\skydrive\skydrive.exe | "{22579502-975E-49E9-9C2B-D6C2412936B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{23D7B453-213A-4F96-A0D6-0DF09310FA32}" = protocol=17 | dir=in | app=c:\program 
files\bohemia interactive\arma\arma.exe | "{281001EF-DD4A-4D08-B5AF-04D38137481D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{2B98FA12-952C-4943-9334-4299FF2C89B7}" = protocol=17 | dir=in | app=c:\program files\arma\arma.exe | "{2C1346E6-84D4-42F6-B448-8D4BC95936A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2F2AE682-9EB3-4BBE-9A05-5EDDC436132D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{31641A32-5B9C-40B6-822E-A62B404C7CD2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{32A2DDB9-8031-4EA3-836B-40BCB50AA631}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | "{36358F9F-8ACA-48A2-AECE-49FD9EBF0BFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{3829F144-C213-4749-BFE9-3DA0125085FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3BD0CB67-27B1-4DC8-B3D4-FFC4913EB061}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | "{4160970A-F8A5-46E1-B94A-44DA256CA118}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4422618E-C7F5-4A4F-AE0F-8CAEB864A9E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{49771474-D522-4A26-A288-60B9ECAA626D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4A896A0B-DFE7-4990-B96D-2961D4B9DB16}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{525F012E-D09C-42AA-8AD8-E13732E0E388}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | "{52FE0634-B4D3-4EDB-9D33-52A7AE13D411}" = protocol=6 | dir=in | app=c:\program 
files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{551C22C2-6181-4299-BDB0-01927B1DB8A2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe | "{58C1264C-0527-4B14-8753-00A7AFFC84C3}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma\arma.exe | "{5E1A56B0-E1CA-448C-93F3-D881FCD83564}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{619ABEEB-6DC7-488B-A221-C53E80046EFB}" = protocol=6 | dir=in | app=c:\program files\arma\arma.exe | "{66EA690C-0AD1-4D4B-A547-99E080DE4B61}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{6954ED6D-3485-45A0-ACBD-0D39777C1B43}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe | "{6B0C31E8-0E3F-45DC-9509-FAB28931100A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7AF385E7-92DE-4BAA-8F6E-3584C064991F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe | "{7EA32614-30F3-4924-AD2C-A4C326860E8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8136847C-8A4B-4E45-8F63-D322FF038926}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{826ACE21-4E4A-4E4C-8C02-07CCB95D3E92}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{8D571F44-5A8B-4309-B6BF-66961CA9ECEC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | "{900D4771-DCDC-4503-A3C5-06ED595CD4E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A3F541D7-BBDE-421C-8EA5-849DB7498A4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{A9266342-D4BE-4EB1-8186-47643C4E88F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation 
arrowhead\arma2oa.exe | "{ADB574CA-6421-4E1D-8C86-6DCE1BD87F15}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | "{C7269555-9B81-4B1E-8F07-C8CC35AA7EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | "{CA5DA79F-897E-45D3-BA0D-F1937A068908}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D6911ECD-6903-4201-B4FF-7DCC242EC844}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D863AFAB-3119-47DF-A65F-67B7D75FF50C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DA2C1C9A-39BA-4EED-8D8C-9AB48C7A61DC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | "{DEE68E83-456D-457C-A920-0B9A1C7ABB64}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{E005194B-6D44-49AF-AD96-80EA32AD8FED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | "{E0108C70-1D66-4288-A197-D609FBF54E86}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F150D4F8-0B34-49CF-B08D-F668733E49EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FDA3B6A3-124C-4A0B-BDB0-C69CDDAA0456}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "TCP Query User{0E34C515-A8CC-4E1E-9C13-F39FE312AD71}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "TCP Query User{11335656-9B00-4574-9389-21FA2FD3A021}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{26286E94-8928-43EE-A4BE-79528F76EE95}C:\program files (x86)\steam\steamapps\common\arma 2 
operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "TCP Query User{8C1FBF27-D32E-4207-AD8D-167EC1AEF0AE}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "TCP Query User{8F477DD9-697B-4F6D-ACB4-2EB912983B75}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "TCP Query User{A0AE181B-9EE3-44A0-BB75-4EB9D0DEC762}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | "TCP Query User{B872F0A5-C38F-4EA2-BD63-85F0AFD7AFB4}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "TCP Query User{C529EC90-3D44-49D5-B656-3C9FBA1048BD}C:\program files\informatik\eclipse\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\informatik\eclipse\bin\javaw.exe | "TCP Query User{CF8B00E8-1BBF-4B57-8F85-D1763DBD5E2F}C:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe | "TCP Query User{FCBFD292-0111-475B-A8D8-363D1ADF12FD}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{0C509DD3-D94F-402B-B7A6-98C2CB772C5E}C:\program files\informatik\eclipse\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\informatik\eclipse\bin\javaw.exe | "UDP Query User{15D75866-C684-4DBA-921F-7C3ED82B4DF1}C:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\six networks\play withsix\tools\bin\rsync.exe | "UDP Query User{3F338930-7588-4F1F-85BA-0A0C3AFB5B90}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{40835CCD-C12F-44D3-9230-2CED00CC4F5B}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "UDP Query User{5A11C89F-4165-4D8B-AB7E-A12738B3CB02}C:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2serverlauncher.exe | "UDP Query User{5AC97C44-6A14-4DB3-B735-AA20900166CD}C:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "UDP Query User{80179754-7AC7-4293-89FD-BD762E496139}C:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | "UDP Query User{9098EB7B-9817-441B-B975-8E980EFBFF7D}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "UDP Query User{BF7948EB-E871-4A31-B60D-C2DE355513F1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{F380D8AC-26E2-4C48-8BAF-8753D58BBF47}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5 "{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer "{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{09BB8307-BD8F-4E92-9918-A4BAFD0638B3}" = Native Instruments VC 2A "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library "{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs "{1745A39F-7F25-4ADA-8ADA-FD84A6301696}" = Native Instruments VC 76 "{1AE269AE-561D-4889-8A13-C1254ACBD025}" = Native Instruments Abbey Road 80s Drums "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ Driver "{24873332-B98B-4235-ABBA-CCDEACC62BB9}" = Native Instruments Traktor Audio 6 Driver "{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{28327E39-F691-44D4-BDE5-9B5B251ADD63}" = Native Instruments Komplete 8 Ultimate "{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Mobile I/O "{3054FEFA-4748-4cf0-8C3C-8DB887DE379F}" = Native Instruments Traktor Audio 2 Driver "{305CA7E5-C739-48e2-B247-584C0E1B717C}" = Native Instruments Traktor Audio 10 Driver "{33355583-296A-4E06-A129-6A5739529F1A}" = Native Instruments VC 2A for Maschine "{33A9A927-73C9-4607-B8FD-A904257E978E}" = Native Instruments Solid Dynamics for Maschine "{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor "{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand 
"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5 "{434CC4CB-0183-4CDE-BE7F-00230BE26494}" = Native Instruments The Mouth "{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive "{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys "{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter "{4FEF843C-5829-4F1B-AC4A-02B1C1D9CD1D}" = Native Instruments Reflektor for Maschine "{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5 "{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism "{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2 "{5D1224E0-6777-4536-9D72-B0E151ED8C99}" = Native Instruments Battery Library Importer for Maschine "{5FC09265-8AAD-410D-B88D-EBAA41327056}" = Native Instruments Scarbee Funk Guitarist "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{608EF1C8-5671-4C8B-A4B5-B428A2DF7715}" = Native Instruments Solid Bus Comp for Maschine "{60BB45B2-E8E4-41C5-B69F-C6DC5D991DF5}" = Native Instruments Abbey Road 60s Drums "{6481C64D-3B62-4D03-8AFB-7A485762F157}" = Native Instruments VC 160 for Maschine "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{67e13682-a5ba-4f12-ac10-4b41eacb82da}" = Native Instruments Alicias Keys "{6969a180-13e1-4393-8265-98d11903375c}" = Native Instruments Evolve Mutations 2 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3 "{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{74BAEC6B-6FE3-455D-894D-94C488613823}" = M-Audio KeyStudio49i Driver 6.0.1 (x64) "{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig 
Session I/O "{817B77D5-6BFC-4CD5-BD23-88C2C53B9A4C}" = Native Instruments Solid Dynamics "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{86F4B370-079C-4EF9-B727-452B85CFA415}" = Native Instruments Retro Machines Mk2 "{8812511F-8D8C-49D3-A711-C9650B2F5566}" = Native Instruments Guitar Rig Pro Library for Maschine "{88E45461-E8D2-4BCA-BDEC-0405E6FB4817}" = Native Instruments Transient Master "{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2 "{906E3E41-5259-4C3B-A5EB-3B7F63AFEDB5}" = Native Instruments VC 160 "{908177CD-FC53-4B56-8BF4-DE422F8D3C75}" = Native Instruments Traktors 12 for Maschine "{92C4CBF6-0D9F-472B-A21A-8D4D7E003C40}" = Native Instruments Solid Bus Comp "{93E2F252-D0F1-461A-9823-A2535D779E6E}" = Native Instruments Rammfire for Maschine "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand "{9c1b2ca5-bf9c-4b3e-b5ac-49a9133896a3}" = Native Instruments Scarbee Jay-Bass "{9D3BAEFB-5DDD-43D4-8BB2-D9989521F003}" = Native Instruments Razor "{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass "{A8732D97-1D5F-45AE-B04C-6FE5C9A18AED}" = Native Instruments Solid EQ "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{AA2F4574-FD46-4897-8791-CD6CCD80E882}" = Native Instruments Evolve Mutations "{b0c719eb-4c55-4b54-b37a-38b6fcd7116c}" = Native Instruments Scarbee MM-Bass Amped "{b125d937-9582-450d-951e-7b53bd94d16d}" = Native Instruments Balinese Gamelan "{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 
295.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 "{C40C08A5-A7AF-43B2-BF93-7CF67719D194}" = Native Instruments Scarbee Pre-Bass "{C983C1A3-2D12-4304-9EC6-F87CE78216E5}" = Native Instruments VC 76 for Maschine "{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12 "{CE09E66D-167D-48A0-8196-5385A8C6469C}" = Native Instruments Solid EQ for Maschine "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire "{D69D39FC-DCC0-43F4-9524-043EE9F1C329}" = Native Instruments Abbey Road Modern Drums "{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano "{DDDE5B61-19BD-4F64-B14C-5F81DB56DF3E}" = Native Instruments George Duke Soul Treasures "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "{E0BB5D87-62DC-4ABD-AC2F-A743EEA31F57}" = Native Instruments Transient Master for Maschine "{E1B6008F-26D8-47BF-B585-6518AFE73557}" = Native Instruments Scarbee Pre-Bass Amped "{e90698e9-2c52-4079-aa1d-b341f0f5b036}" = Native Instruments Abbey Road 70s Drums "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5 "{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{f62a8337-2009-40b7-af47-0a2a1371645c}" = Native Instruments Maschine Drum Selection "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine "{FCD398EC-9A6C-478D-82AC-96AE6FEF585D}" = Native 
Instruments Session Strings Pro "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1951F3A1-110D-4F5B-8346-9D0E735A54E0}" = Windows Live Writer "{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}" = MSI Software Install "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{39BDC923-826E-4007-8179-50E7C570E545}" = S-Bar "{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EAE58C0-7C36-40C3-ACED-0CABF2F46BCF}" = Windows Live Writer Resources "{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker "{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail "{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials "{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows 
Live UX Platform Language Pack "{46B14AF1-EDFA-4088-AB2B-22A8128A1C54}" = Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = Battery Calibration "{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71D1898F-DFAE-4E0F-B57A-97F5F557EA3A}" = Windows Live Messenger "{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker "{7541F284-7167-4729-B1C1-0A3F7FC38EF3}" = Windows Live Messenger "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{803D4B7D-71CD-46B9-8F89-8BFD73920FAF}" = Windows Live UX Platform Language Pack "{810EED37-2024-4C10-B266-5A8CCB3D1A65}" = Windows Live Writer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 
Redistributable "{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger "{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95193654-3EF2-4D17-8503-9F80B56D9ED5}" = MSI VGA Overclock Tool "{959BC6D1-38C8-441F-9466-9ECCD4E68413}" = Galería de fotos "{97373E60-D071-418A-87F1-A969EEEEBDAC}" = Windows Live Essentials "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A048F6D6-BECE-D521-9BC9-B8806BFB118C}" = Beatport Downloader "{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer "{A61E1C37-814A-42D8-8CF6-E49D729A4A9B}" = Windows Live Writer "{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AFFBC271-AA8F-4908-BEAE-491B96AC57C4}" = Windows Live Mail "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack "{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 
"{CDA04BEC-2F20-4E3C-A0E0-D75C8DE255D8}" = Windows Live Writer Resources "{D0873221-A48B-4A2F-9D34-5F0C21725CF5}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common "{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{D969C468-FCB8-4BFF-A480-33C0A6F7EA64}" = Windows Live Mail "{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer "{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE "{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1DA4302-1C06-4533-AF6D-9D68B01FCB34}" = Movie Maker "{E60D9CA8-14A6-4F56-BA12-D9D8C8004E09}" = Windows Live Messenger "{EA53D435-3740-4513-A519-484D2BF659FA}" = Windows Live Writer Resources "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources "{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos "{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArmA" = ArmA Uninstall 
"ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "com.beatport.BeatportDownloader" = Beatport Downloader "FL Studio 10" = FL Studio 10 "Free Studio_is1" = Free Studio version 5.6.3.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "IL Download Manager" = IL Download Manager "IL Shared Libraries" = IL Shared Libraries "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{4DEA5B85-6C56-45F3-AE00-FED756B0D3B4}" = KLM "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "LOLReplay" = LOLReplay "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.1 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Abbey Road 60s Drums" = Native Instruments Abbey Road 60s Drums "Native Instruments Abbey Road 70s Drums" = Native Instruments Abbey Road 70s Drums "Native Instruments Abbey Road 80s Drums" = Native Instruments Abbey Road 80s Drums "Native Instruments Abbey Road Modern Drums" = Native Instruments Abbey Road Modern Drums "Native Instruments Absynth 5" = Native Instruments Absynth 5 "Native Instruments Alicias Keys" = Native Instruments Alicias Keys "Native Instruments Audio 2 DJ Driver" = Native Instruments Audio 2 DJ Driver "Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver "Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver "Native Instruments Balinese Gamelan" = Native Instruments Balinese Gamelan "Native Instruments Battery 3" = Native Instruments 
Battery 3 "Native Instruments Battery Library Importer for Maschine" = Native Instruments Battery Library Importer for Maschine "Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Evolve Mutations" = Native Instruments Evolve Mutations "Native Instruments Evolve Mutations 2" = Native Instruments Evolve Mutations 2 "Native Instruments FM8" = Native Instruments FM8 "Native Instruments George Duke Soul Treasures" = Native Instruments George Duke Soul Treasures "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5 "Native Instruments Guitar Rig Mobile I/O" = Native Instruments Guitar Rig Mobile I/O "Native Instruments Guitar Rig Pro Library for Maschine" = Native Instruments Guitar Rig Pro Library for Maschine "Native Instruments Guitar Rig Session I/O" = Native Instruments Guitar Rig Session I/O "Native Instruments Komplete 8 Ultimate" = Native Instruments Komplete 8 Ultimate "Native Instruments Kontakt 5" = Native Instruments Kontakt 5 "Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library "Native Instruments Maschine" = Native Instruments Maschine "Native Instruments Maschine Controller" = Native Instruments Maschine Controller "Native Instruments Maschine Drum Selection" = Native Instruments Maschine Drum Selection "Native Instruments Massive" = Native Instruments Massive "Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand "Native Instruments Rammfire" = Native Instruments Rammfire "Native Instruments Rammfire for Maschine" = Native Instruments Rammfire for Maschine "Native Instruments Razor" = Native Instruments Razor "Native Instruments Reaktor 5" = Native Instruments Reaktor 5 "Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism "Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2 "Native Instruments Reflektor" 
= Native Instruments Reflektor "Native Instruments Reflektor for Maschine" = Native Instruments Reflektor for Maschine "Native Instruments Retro Machines Mk2" = Native Instruments Retro Machines Mk2 "Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3 "Native Instruments Scarbee Funk Guitarist" = Native Instruments Scarbee Funk Guitarist "Native Instruments Scarbee Jay-Bass" = Native Instruments Scarbee Jay-Bass "Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass "Native Instruments Scarbee MM-Bass Amped" = Native Instruments Scarbee MM-Bass Amped "Native Instruments Scarbee Pre-Bass" = Native Instruments Scarbee Pre-Bass "Native Instruments Scarbee Pre-Bass Amped" = Native Instruments Scarbee Pre-Bass Amped "Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Session Strings Pro" = Native Instruments Session Strings Pro "Native Instruments Solid Bus Comp" = Native Instruments Solid Bus Comp "Native Instruments Solid Bus Comp for Maschine" = Native Instruments Solid Bus Comp for Maschine "Native Instruments Solid Dynamics" = Native Instruments Solid Dynamics "Native Instruments Solid Dynamics for Maschine" = Native Instruments Solid Dynamics for Maschine "Native Instruments Solid EQ" = Native Instruments Solid EQ "Native Instruments Solid EQ for Maschine" = Native Instruments Solid EQ for Maschine "Native Instruments Studio Drummer" = Native Instruments Studio Drummer "Native Instruments The Finger R2" = Native Instruments The Finger R2 "Native Instruments The Mouth" = Native Instruments The Mouth "Native Instruments Traktor 2" = Native Instruments Traktor 2 "Native Instruments Traktor Audio 10 Driver" = Native Instruments Traktor Audio 10 Driver "Native Instruments Traktor Audio 2 Driver" = Native Instruments Traktor Audio 2 Driver "Native Instruments Traktor Audio 6 Driver" = Native Instruments Traktor 
Audio 6 Driver "Native Instruments Traktors 12" = Native Instruments Traktors 12 "Native Instruments Traktors 12 for Maschine" = Native Instruments Traktors 12 for Maschine "Native Instruments Transient Master" = Native Instruments Transient Master "Native Instruments Transient Master for Maschine" = Native Instruments Transient Master for Maschine "Native Instruments Upright Piano" = Native Instruments Upright Piano "Native Instruments VC 160" = Native Instruments VC 160 "Native Instruments VC 160 for Maschine" = Native Instruments VC 160 for Maschine "Native Instruments VC 2A" = Native Instruments VC 2A "Native Instruments VC 2A for Maschine" = Native Instruments VC 2A for Maschine "Native Instruments VC 76" = Native Instruments VC 76 "Native Instruments VC 76 for Maschine" = Native Instruments VC 76 for Maschine "Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand "Native Instruments Vintage Organs" = Native Instruments Vintage Organs "Native Instruments West Africa" = Native Instruments West Africa "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "Steam App 200710" = Torchlight II "Steam App 33910" = ARMA 2 "Steam App 33930" = ARMA 2: Operation Arrowhead "Steam App 39160" = Dungeon Siege III "Steam App 41500" = Torchlight "Steam App 43110" = Metro 2033 "Steam App 49520" = Borderlands 2 "Steam App 550" = Left 4 Dead 2 "Steam App 564" = Left 4 Dead 2 Add-on Support "uTorrent" = µTorrent "Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.46 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3664255064-580672183-1075423204-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "SkyDriveSetup.exe" = Microsoft SkyDrive "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 
09.09.2012 11:23:59 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 20046 Error - 09.09.2012 11:24:00 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.09.2012 11:24:00 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 21060 Error - 09.09.2012 11:24:00 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 21060 Error - 09.09.2012 11:24:01 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.09.2012 11:24:01 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 22214 Error - 09.09.2012 11:24:01 | Computer Name = Baumkind-MSI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 22214 Error - 09.09.2012 14:10:17 | Computer Name = Baumkind-MSI | Source = WinMgmt | ID = 10 Description = Error - 10.09.2012 05:38:47 | Computer Name = Baumkind-MSI | Source = WinMgmt | ID = 10 Description = Error - 10.09.2012 12:24:13 | Computer Name = Baumkind-MSI | Source = Application Hang | ID = 1002 Description = Programm FL.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 944 Startzeit: 01cd8f7026dcb45a Endzeit: 9 Anwendungspfad: C:\Program Files (x86)\Image-Line\FL Studio 10\FL.exe Berichts-ID: f352259f-fb63-11e1-b606-8c89a5024998 [ Media Center Events ] Error - 17.08.2012 08:17:10 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 14:17:10 - Fehler beim Herstellen der Internetverbindung. 14:17:10 - Serververbindung konnte nicht hergestellt werden.. Error - 17.08.2012 08:17:15 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 14:17:15 - Fehler beim Herstellen der Internetverbindung. 14:17:15 - Serververbindung konnte nicht hergestellt werden.. Error - 17.08.2012 13:28:22 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 19:28:21 - Fehler beim Herstellen der Internetverbindung. 19:28:21 - Serververbindung konnte nicht hergestellt werden.. Error - 17.08.2012 13:28:34 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 19:28:27 - Fehler beim Herstellen der Internetverbindung. 19:28:27 - Serververbindung konnte nicht hergestellt werden.. Error - 19.08.2012 04:21:51 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 10:21:51 - Fehler beim Herstellen der Internetverbindung. 10:21:51 - Serververbindung konnte nicht hergestellt werden.. Error - 19.08.2012 04:22:03 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 10:21:56 - Fehler beim Herstellen der Internetverbindung. 10:21:56 - Serververbindung konnte nicht hergestellt werden.. Error - 19.08.2012 09:14:45 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 15:14:45 - Fehler beim Herstellen der Internetverbindung. 15:14:45 - Serververbindung konnte nicht hergestellt werden.. Error - 19.08.2012 09:14:56 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0 Description = 15:14:50 - Fehler beim Herstellen der Internetverbindung. 15:14:50 - Serververbindung konnte nicht hergestellt werden.. 
Error - 24.08.2012 08:25:50 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0
Description = 14:25:50 - Fehler beim Herstellen der Internetverbindung. 14:25:50 - Serververbindung konnte nicht hergestellt werden..

Error - 24.08.2012 08:26:03 | Computer Name = Baumkind-MSI | Source = MCUpdate | ID = 0
Description = 14:25:55 - Fehler beim Herstellen der Internetverbindung. 14:25:55 - Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 17.09.2012 08:55:56 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 17.09.2012 08:55:56 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 18.09.2012 05:17:56 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 18.09.2012 05:17:56 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 19.09.2012 02:40:54 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 19.09.2012 02:40:54 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 20.09.2012 06:14:54 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 20.09.2012 06:14:54 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 20.09.2012 07:51:49 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 20.09.2012 07:51:49 | Computer Name = Baumkind-MSI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

Here are the results of a complete Antivir scan:

Warnungen: 17
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RI1NLBF.incomplete
  [WARNUNG] Unerwartetes Dateiende erreicht
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RJ94NUF.incomplete
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RMSE0NH.incomplete
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RR40W8E.incomplete
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Program Files (x86)\WinRAR 3.61 Multi\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\Microsoft\WLSetup\wlt2279.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wlt818A.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wlt8811.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wltB5DF.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wltB977.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\Users\Baumkind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN2IZY4M\Firefox_Setup_14.0.1[1].exe
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Baumkind\Downloads\avira_free_antivirus_de.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Baumkind\Downloads\avira_free_antivirus_de12001199.exe
  [WARNUNG] Die Datei ist kennwortgeschützt

Funde: 0

Fehler: 4
Reaktor 5 5.7.1 Setup PC.exe
  [WARNUNG] Die Datei konnte nicht gelesen werden!
Massive 1.3.1 Setup PC.exe
  [WARNUNG] Die Datei konnte nicht gelesen werden!
Absynth 5 5.1.1 Setup PC.exe
  [WARNUNG] Die Datei konnte nicht gelesen werden!
Object
  [WARNUNG] Die Datei konnte nicht gelesen werden!

Here is the complete scan:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 22. September 2012 14:31

Es wird nach 4250776 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Baumkind
Computername : BAUMKIND-MSI

Versionsinformationen:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:14:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 07.09.2012 16:25:55
AVSCAN.DLL : 12.3.0.15 66256 Bytes 07.09.2012 16:26:03
LUKE.DLL : 12.3.0.15 68304 Bytes 07.09.2012 16:25:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 07.09.2012 16:25:55
AVREG.DLL : 12.3.0.33 232232 Bytes 07.09.2012 16:25:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 16:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 21:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 07:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:37:35
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 16:26:03
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 16:37:27
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 16:37:27
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 16:37:27
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 16:37:27
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 16:37:27
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 16:37:27
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 16:37:27
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 16:37:27
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 10:22:24
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 10:22:24
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 10:22:25
VBASE017.VDF : 7.11.42.235 141312 Bytes 13.09.2012 10:22:26
VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 10:22:26
VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 10:22:26
VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 10:22:27
VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 10:22:27
VBASE022.VDF : 7.11.43.188 2048 Bytes 21.09.2012 10:22:27
VBASE023.VDF : 7.11.43.189 2048 Bytes 21.09.2012 10:22:27
VBASE024.VDF : 7.11.43.190 2048 Bytes 21.09.2012 10:22:27
VBASE025.VDF : 7.11.43.191 2048 Bytes 21.09.2012 10:22:28
VBASE026.VDF : 7.11.43.192 2048 Bytes 21.09.2012 10:22:28
VBASE027.VDF : 7.11.43.193 2048 Bytes 21.09.2012 10:22:28
VBASE028.VDF : 7.11.43.194 2048 Bytes 21.09.2012 10:22:28
VBASE029.VDF : 7.11.43.195 2048 Bytes 21.09.2012 10:22:28
VBASE030.VDF : 7.11.43.196 2048 Bytes 21.09.2012 10:22:28
VBASE031.VDF : 7.11.43.222 80896 Bytes 22.09.2012 10:22:28
Engineversion : 8.2.10.164
AEVDF.DLL : 8.1.2.10 102772 Bytes 07.09.2012 16:25:51
AESCRIPT.DLL : 8.1.4.54 459131 Bytes 22.09.2012 10:22:37
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 14:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 07.09.2012 16:25:51
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 21:21:32
AEPACK.DLL : 8.3.0.36 811382 Bytes 22.09.2012 10:22:36
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 07.09.2012 16:25:50
AEHEUR.DLL : 8.1.4.100 5280120 Bytes 22.09.2012 10:22:35
AEHELP.DLL : 8.1.23.2 258422 Bytes 07.09.2012 16:25:49
AEGEN.DLL : 8.1.5.36 434549 Bytes 07.09.2012 16:37:40
AEEXP.DLL : 8.1.0.86 90484 Bytes 07.09.2012 16:37:40
AEEMU.DLL : 8.1.3.2 393587 Bytes 07.09.2012 16:25:49
AECORE.DLL : 8.1.27.4 201078 Bytes 07.09.2012 16:37:40
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 21:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 07.09.2012 16:25:56
AVPREF.DLL : 12.3.0.15 51920 Bytes 07.09.2012 16:25:55
AVREP.DLL : 12.3.0.15 179208 Bytes 07.09.2012 16:25:55
AVARKT.DLL : 12.3.0.15 211408 Bytes 07.09.2012 16:25:54
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 07.09.2012 16:25:54
SQLITE3.DLL : 3.7.0.1 398288 Bytes 07.09.2012 16:26:01
AVSMTP.DLL : 12.3.0.32 63480 Bytes 07.09.2012 16:25:55
NETNT.DLL : 12.3.0.15 17104 Bytes 07.09.2012 16:25:59
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 07.09.2012 16:26:04
RCTEXT.DLL : 12.3.0.31 100088 Bytes 07.09.2012 16:26:04

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 22. September 2012 14:31

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
  [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'TeaTimer.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SpybotSD.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ChargeService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'YCMMirage.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'THXAudio.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'VGAOCAP.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'KLM.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'Super-Charger.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSIService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3491' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS_Install>
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RI1NLBF.incomplete
  [WARNUNG] Unerwartetes Dateiende erreicht
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RJ94NUF.incomplete
  [0] Archivtyp: ZIP
  --> Reaktor 5 5.7.1 Setup PC.exe
      [WARNUNG] Die Datei konnte nicht gelesen werden!
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RMSE0NH.incomplete
  [0] Archivtyp: ZIP
  --> Massive 1.3.1 Setup PC.exe
      [WARNUNG] Die Datei konnte nicht gelesen werden!
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\$Recycle.Bin\S-1-5-21-3664255064-580672183-1075423204-1001\$RR40W8E.incomplete
  [0] Archivtyp: ZIP
  --> Absynth 5 5.1.1 Setup PC.exe
      [WARNUNG] Die Datei konnte nicht gelesen werden!
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Program Files (x86)\WinRAR 3.61 Multi\rarnew.dat
  [WARNUNG] Das Archiv ist unbekannt oder defekt
C:\ProgramData\Microsoft\WLSetup\wlt2279.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wlt818A.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wlt8811.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wltB5DF.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\ProgramData\Microsoft\WLSetup\wltB977.tmp
  [WARNUNG] Der Archivheader ist defekt
C:\Users\Baumkind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN2IZY4M\Firefox_Setup_14.0.1[1].exe
  --> Object
      [WARNUNG] Die Datei konnte nicht gelesen werden!
  [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Baumkind\Downloads\avira_free_antivirus_de.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\Baumkind\Downloads\avira_free_antivirus_de12001199.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\' <Data>

Ende des Suchlaufs: Samstag, 22. September 2012 17:47
Benötigte Zeit: 3:16:28 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

38227 Verzeichnisse wurden überprüft
1341271 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1341271 Dateien ohne Befall
7452 Archive wurden durchsucht
17 Warnungen
0 Hinweise
802220 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Another scan is in the second post.