Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.05.2013, 13:17   #1
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Icon16

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Heyho,

wie in dieser Frage http://www.trojaner-board.de/134171-...rt-runter.html
(in der ich leider nicht antworten konnte) habe ich das gleiche Problem.
Abgesicherter Modus fährt sofort wieder runter und normal der weiße Bildschirm mit Zahlungsaufforderung.

Habe schonmal den ersten Schritt ausgeführt: OTL.exe vom USB-Stick durch Abgesicherten Modus mit Eingabeaufforderung.

Dabei kam raus:
OTL

Code:
ATTFilter
OTL logfile created on: 13.05.2013 13:44:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 87,73% Memory free
6,49 Gb Paging File | 6,12 Gb Available in Paging File | 94,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,13 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,35 Gb Free Space | 9,35% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive F: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,89 Gb Total Space | 1,56 Gb Free Space | 82,69% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 13:33:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.11 15:35:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- E:\teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.03 19:05:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 11:44:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- E:\Program Files\VMC\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2013.05.13 13:38:56 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.02 12:23:05 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.07.06 04:22:55 | 000,648,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2011.07.03 19:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 19:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.07 11:21:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011.03.07 11:21:28 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011.03.07 11:20:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011.03.07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011.02.12 17:39:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.12 17:39:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.12 16:17:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.de.maxiwe.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.de.maxiwe.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.de.maxiwe.com
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DD D2 D4 53 D0 CB 01  [binary data]
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes,DefaultScope = {D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{C89A4C31-E138-41b2-A7C7-7A30DB2C13CD}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: E:\Program Files\VMC\Optimization Client\addon\ [2011.02.28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
 
[2011.03.05 21:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Extensions
[2012.11.04 14:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions
[2012.08.02 16:42:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.14 13:31:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 14:50:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\ffxtlbra@softonic.com
[2012.11.04 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\staged
[2012.11.04 14:29:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-1.xml
[2011.10.05 21:25:09 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-10.xml
[2011.11.13 15:22:11 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-11.xml
[2012.03.30 12:33:44 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-12.xml
[2011.06.11 15:14:33 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-2.xml
[2011.07.11 02:20:18 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-3.xml
[2011.08.15 16:57:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-4.xml
[2011.08.22 16:58:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-5.xml
[2011.09.01 21:10:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-6.xml
[2011.09.05 18:46:26 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-7.xml
[2011.09.08 23:24:58 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-8.xml
[2011.09.09 20:00:38 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = E:\Program Files\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = E:\Program Files\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
Hosts file not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [Spotify Web Helper] C:\Users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: drei.to ([games] https in Trusted sites)
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: x7.to ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A48842B-B5EF-4C72-95D0-6B6A8D3E40CC}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9927F8A-4FBE-4E06-802A-9286DB433134}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 17:24:44 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7f1448a0-36a8-11e0-a9ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f1448a0-36a8-11e0-a9ac-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe -- [2004.10.21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{c7437061-ab25-11e0-8f2c-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{c7437061-ab25-11e0-8f2c-00a0c6000000}\Shell\AutoRun\command - "" = I:\ZTE_Handset_USB_Driver.exe
O33 - MountPoints2\{df2d72aa-d6de-11e0-8a52-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{df2d72aa-d6de-11e0-8a52-00a0c6000000}\Shell\AutoRun\command - "" = N:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.12 16:31:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Männertag 2013
[2013.05.10 11:47:45 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Mt13
[2013.04.29 23:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013.04.29 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013.04.18 16:23:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\DSK Praktikum
[2013.04.14 16:56:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2013.04.14 13:09:29 | 000,000,000 | ---D | C] -- C:\Bilder N
[2013.04.14 12:08:51 | 000,000,000 | ---D | C] -- C:\Windows\San Andreas Mod Installer
[2013.04.14 12:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Mod Installer
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.27 20:03:52 | 003,449,138 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2014.01.27 19:37:50 | 002,089,078 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.13 13:43:17 | 000,664,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.13 13:43:17 | 000,624,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.13 13:43:17 | 000,134,932 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.13 13:43:17 | 000,110,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.13 13:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 13:41:20 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 13:38:56 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.13 13:06:33 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.13 13:06:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.13 02:07:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job
[2013.05.13 01:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.13 01:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.12 21:36:39 | 000,054,108 | ---- | M] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 20:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job
[2013.05.12 16:26:14 | 002,216,474 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:22 | 002,409,417 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 16:18:57 | 000,000,823 | ---- | M] () -- D:\Users\figur\Desktop\Rollenbeschreibung.lnk
[2013.05.12 15:17:12 | 001,477,360 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | M] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.12 13:43:32 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.12 13:43:32 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.10 12:03:56 | 000,005,253 | ---- | M] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.30 13:18:47 | 003,917,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.13 12:58:43 | 000,000,004 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.12 21:36:47 | 000,054,108 | ---- | C] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 16:34:07 | 002,089,078 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.12 16:31:52 | 003,449,138 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2013.05.12 16:26:14 | 002,216,474 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:08 | 002,409,417 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 16:19:08 | 000,000,823 | ---- | C] () -- D:\Users\figur\Desktop\Rollenbeschreibung.lnk
[2013.05.12 15:12:17 | 001,477,360 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | C] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.08 09:30:33 | 000,005,253 | ---- | C] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.04 22:31:38 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2013.04.04 22:31:38 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2013.03.11 18:04:26 | 000,000,218 | ---- | C] () -- C:\Users\figur\AppData\Local\recently-used.xbel
[2012.07.23 21:28:01 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.11 17:08:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.11 16:04:00 | 000,084,480 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.dat
[2012.02.20 15:45:02 | 000,000,287 | ---- | C] () -- C:\Users\figur\AppData\Local\VersionChecker_17.xml
[2012.02.16 20:04:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.09.29 22:14:13 | 000,003,584 | ---- | C] () -- C:\Users\figur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.10 21:23:14 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2011.07.10 21:23:14 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011.06.11 00:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.11 00:36:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.14 14:00:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.14 14:00:35 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 13.05.2013 13:44:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 87,73% Memory free
6,49 Gb Paging File | 6,12 Gb Available in Paging File | 94,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,13 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,35 Gb Free Space | 9,35% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive F: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,89 Gb Total Space | 1,56 Gb Free Space | 82,69% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\PS CS 6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe" = E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C1869-451E-40AE-A41A-A21E72ED6F3A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{01B8ABAC-1D90-46A3-A55B-AA42E6E8B117}" = rport=138 | protocol=17 | dir=out | app=system | 
"{01B90067-134F-406B-A57B-69F713CF03C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BC26644-28AE-4FC7-A9BE-392A1FB055F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{111682D2-AD4D-4BE0-8D3D-E15DCAA685D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1BC72A23-A3BF-48D4-8F1A-005347C4EC71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3F901FC0-92B8-449C-9D00-796744D2AC18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{429B0F19-5A3E-42B4-8B34-D17A05E68740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{615507E0-A915-45F1-9890-E546C26A209D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{63A28F5F-BFB3-4357-99CC-995434CB79D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{658EDBB1-A304-4021-ABE8-6E50B489EEC5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C00E6A0-F056-40FC-9D20-7E438743FAF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75D64749-451D-4ECD-B074-71AF7652F7EF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7C72D6AB-455C-4EFC-A00E-45555AD3787F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7CC325AD-68A2-4012-AE38-DB18543AEB2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9861FB8D-7B0F-4A87-BA6D-267F710101A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A3EBFCCE-079B-4957-B907-6E9886E6FC50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC93D640-45AC-46A2-9C7A-B6623436BEE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B70EE68F-D0BD-45D1-96FB-AC0CFA1EE368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D46EB686-C5BB-4329-9447-471752DC5782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D601692B-1CD7-4C8B-BFA0-14B75CD05366}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{D992DAFB-B762-4729-B88A-7797839FF2C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E38F9C35-F1F8-4064-A6F8-7F86E1B560F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA208381-5C67-4DC4-8B5D-CE824117F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8738809-12F6-45EF-A681-3C31C67DD852}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085B955-56BA-473F-8ED5-A69D8C843E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{02CB7ABC-7A24-4D49-94B8-22E1A1ABB12C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{03A0CE32-38BD-4B08-824E-1F267BB0D92F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{04BA9FAB-3C2B-47C2-8359-427278186989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0559B808-F3D7-4353-AB37-94C4739E7EC0}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{05A13A72-1A66-4971-ADBF-64A144EAB17D}" = protocol=6 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{09A517CD-0FAE-4BFA-9D9D-34CD5F001A47}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{0CC90E07-0D62-467C-BF16-9F654E28F1FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1952F11E-F340-4391-BA41-CDE0BCC9FA73}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{1CCCD02B-4812-4A08-B2D2-091E852BF90C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1CD282C3-6482-4D26-A57D-C39721714315}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{242FEC2E-D375-4A9F-A44D-52D1AD0234DF}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{2AAB60E1-5449-4235-AF33-804975A234D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2BC6B7EE-509B-434C-946A-6AB38F96E8A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EC6259B-8A5D-4C27-AEF0-BCE5D349D45F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3198636D-011F-47E0-A9F6-E6FA016F22B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{38599AE1-76C5-45FE-A585-6100C76A3573}" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{391D0643-7576-44AA-A0DF-3AB0744B668C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C979D3C-C62C-41AB-9987-97902D843F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CDB117C-BEA0-4959-AFB3-765FD31584D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3EDFFEC1-2B71-46AA-A3F7-C391976538E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{3F6E5F4D-5EF3-4031-AEA9-8EFC03916942}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{47065E43-46D8-45FF-9090-3FDFDE7E67E1}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{4E8D4E6B-4A70-4CDE-9B05-88E828451466}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{557ACC55-17E2-49D8-A67D-135D45A6B0D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{5AE17198-72C0-49B3-BDD9-38D2EE0E7967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AE45DB6-1B63-4352-86A6-AF522EBDEB53}" = protocol=6 | dir=out | app=system | 
"{5B937E7C-ACC8-469F-83AF-4C8A96C3D646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5BE830D5-7C5A-430A-A23C-A7440478D95B}" = protocol=17 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{60E4AD5E-9905-45F7-AE3C-8B06CAAF9D2C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{61DF8C14-1C34-4290-AC65-06F1A5CCF267}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{61FF37CE-5A62-441E-9C82-24F38BBA2090}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{75F8B34C-9AE8-4B3D-85DB-3491709E6797}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BAA0695-CBBA-4E18-95D9-2E7277A72F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{7F4CDBDE-6F13-43EB-ACA6-AD0B235273C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88C722A1-887E-479E-AB09-3A272FA3497D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8F1848E2-E74B-495B-86C3-44696EB70E39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{90AB74DD-BC6F-44F1-8E8B-0266D185BEFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{95EA19CF-7959-44D7-8E79-EFA81EF85AA2}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{997F5F9B-A978-4146-A110-DE7FC3A722DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A94BF7FC-6DBD-4751-AFCC-74E5DB61303D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AA1EFE17-8CAD-4420-B6E6-40712704E40F}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{ADB109C7-3215-4520-9B7D-6AA2CF189466}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{B7E4D3CB-855B-4266-8CF5-C719A5308B1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B9F64E1F-B269-4FE3-91DE-C4A305556699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA651E00-E545-4DEB-9B36-374004B1A6F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BBB93082-7A5F-41DC-8CCF-A29616BBD961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8657679-17B5-474F-A6A1-7EE6A5DAE3E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA94BBAD-5976-4DEB-B7A7-E79D40FB3490}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{CAB5B3A0-63F3-4957-A442-AB30C83E99FD}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{CDCEC5DE-AE59-495E-A102-E23BCC584025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5E8A7E2-4904-4802-9CC2-CA7130CAF273}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{D8D5D0D6-569C-48EC-9185-0D5C35FF7643}" = protocol=6 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{DC98AD21-6768-4D43-A30D-1AC341F6BA92}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{E60BF77C-2C8B-4595-9486-6936C8D1238B}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{E78488E7-F530-44E7-8B07-D94078721E8C}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{E838FFD5-BB14-45CF-B07A-10E290B2ABFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{EAD008FD-DDE5-4957-B3DA-CC45520D7F9C}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{F00B81A9-BBCF-49F9-82BF-1F0F2473FA79}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{F285A74F-6849-402A-AED4-A81904F62214}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F343FCFF-97A3-41E6-A360-BEA385F56AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{F66E7FC1-9C54-4A8F-9DED-7E131287C44B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{FA9D840E-9563-4507-88F0-8E4D60484484}" = protocol=17 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{FC4EF06F-2D22-47CA-8328-B2AAB700B5D5}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{FD12A3F3-D574-4F16-9567-50578286410A}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{FDD8C4FD-C1F3-4F53-A91D-8D551AC68C1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{FE7F56E1-103E-4FEB-BC1E-6015ABBF4CB4}" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FFB08827-23CE-4FFF-8B5F-1B4DAAF1B21E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{0014723A-37A7-4C3F-A378-53C41E4CE426}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{0D27742F-5257-43C8-84EA-9E231B7DCE7B}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"TCP Query User{0F3135FD-083F-4404-B6E2-69293123C8F2}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{134391CC-2031-4295-AC94-FFE0E02E4318}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{16D03AAE-DCDD-4174-BBEA-CC40722A5C37}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{1C32063D-52A0-4031-AC61-7B4139B83A2D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1F31CC17-6C9F-45DA-A643-E52FCF7ABC55}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{292CF821-DD17-4218-89C3-5207B01E550A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{2E14E686-E9F9-4B6A-8FD4-3C506F8B9EC3}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"TCP Query User{39DF4CF3-A5FC-4EEC-A7C4-1762C4EBB1FF}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4BE721BA-D3A4-4D8D-B69E-2A7B6747D221}E:\spiele\dow\w40kwa.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"TCP Query User{503EE2B4-27D0-47B6-AB6E-9A0483594BD8}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{5EB5CE72-82D0-47C3-9679-4FE154E69268}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{5FBFDC7D-4FD2-4134-BBB4-673685DCCF92}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{69CC34AE-A050-47F0-A138-8B6038D74588}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6AFAB6D0-E2FC-48BA-83F7-05EAE55483DB}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{7385314B-85D2-42D0-8B7F-F620D9FF4F43}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{74C4E019-86D6-4FD1-871A-B7B60F9A3CF2}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{79ED69AB-42AA-4B60-8B66-272845B68CBE}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{7D68FC6B-FABC-4781-A95C-487A550F6027}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"TCP Query User{8976449F-3BA8-4C1C-B1D8-318B0AFA9A1F}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{8C5F385C-E7F8-47DA-A08C-1BDDC269EA47}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{9935F3CE-57DD-495D-B697-94BFB55504C0}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"TCP Query User{AB3DBF77-F304-466C-8ADD-D21B3C8E353E}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{C0428AC3-6D0C-4A44-9CD0-2C9D383B076F}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{C46CC9E1-FC62-42E1-8BE1-BCA9FD9EC549}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{C49EAA02-60FF-4AD1-905C-9672FF9FA560}E:\program files\icq\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"TCP Query User{C5BE331E-0D81-4649-AA58-6B592113830F}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"TCP Query User{CACABA95-CCA6-4AE6-94FD-812FFD8EBDB7}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{D17DD753-F69F-4869-8DFA-C4A93FCA0743}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"TCP Query User{D2B9AE61-7D39-4100-B18D-020070661285}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D2F8CD6E-DF6C-4517-AD88-C116E9D7997B}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{DCC6B09F-61CB-4CCC-86BE-4B7E28A49B01}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{DD8180FA-9C4E-44EA-A3DD-0191BE8D0267}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{E690B277-EA1C-4F70-82D3-91A8D83D7973}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F5C6E122-A674-4006-A3B2-62A824CF1CCE}E:\spiele\dow\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40k.exe | 
"TCP Query User{F5F4B250-D476-4AC7-816C-D3CCF1136CB6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{F780D198-5A14-42E4-9A7A-EFD0B98D85A3}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{0D019EB6-AF10-4B7A-AB56-40E018F47336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{14436E6F-4B9C-4229-AB99-01A04281056F}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{2D20C224-3A2C-42AF-876A-3E4A76F76D60}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{36F4E5EB-30CF-4DC8-83A3-ECEC86F73298}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"UDP Query User{37DA6E4E-58ED-4CE0-9232-2B4963A5D371}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{47004818-6737-40C7-AF7E-0662A54BE024}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{4BF90717-43F7-44F7-A401-CB19EAB0815F}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{4DCD9E04-70EF-465E-92B2-E2DBA9D481C1}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"UDP Query User{5CD2B3DA-0E1D-4139-A961-05F918CABF2C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5CE010C9-65B6-4BC3-B424-2C7AC30DF5E4}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{64D9B77E-D7A6-4CE3-B8E3-DBB1893C701E}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{67363C7F-7A2D-4E1D-A0AB-37436FB3351F}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{708C39C5-CEB3-40A9-A5EF-74C2F62BE340}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{77E6FEB7-9173-49BF-B73E-939E5056281C}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{7AD0CBA2-1BFD-47A6-8960-730FCC6D7D05}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{7D8AE906-6B1D-4B2A-9E4D-E0C91134E508}E:\spiele\dow\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40k.exe | 
"UDP Query User{8025A820-7070-4EEA-9FB0-2FB28D7A83EB}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{813FDE57-BD86-4228-8C14-86344241A1D6}E:\program files\icq\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"UDP Query User{883C0B46-D51D-41ED-B29E-FE32BC5B308D}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"UDP Query User{88E88493-832B-40CB-AC8B-C7F46266FD0A}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{8C104BB1-F90A-4731-ACA3-60025526958C}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{8CAFE158-FD02-48CF-B113-D64BFE3380D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{95B58C57-C7E0-40A4-BB24-3114F5184899}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"UDP Query User{9B8EA6B9-35B0-4D4E-AB07-14FA7E4DEE07}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9F80FEA1-FAE2-4346-B9CA-7142DDCA07A5}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"UDP Query User{A50931E4-3059-4BC5-8981-579472C7746B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{A9E42F6A-83D6-48EA-926B-5083DF519523}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{B82FB9C6-CC21-497A-80D7-716453542BEC}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{B960B09B-C792-4245-9FFA-CBA497D472CA}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{BED86359-2871-4DE6-8094-ADE9C99EEAB7}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C21CF168-1D81-4C42-9372-1A6050867737}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D03CBDA1-E7EA-4F78-9011-679CE91F7FEA}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{D662E869-6165-4515-A6C0-A5811427FCE4}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{D899DA01-7A3F-4D1E-88CA-7D23E8CEA58F}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{DF520C42-CF22-48AC-927B-A4F4F68EEEB5}E:\spiele\dow\w40kwa.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"UDP Query User{E6D57D9E-193A-49B3-A137-59746A9C660A}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"UDP Query User{EEAA92B9-51AA-4A79-8B6E-D5908079E2A6}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{F85A4312-DEFF-42F0-BDF9-9A4DC49E76DF}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E25A554-0153-45A7-B342-49003A36367C}" = PDFtk Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Inkscape" = Inkscape 0.48.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"TeamViewer 7" = TeamViewer 7
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2012 12:31:13 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:19 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:21 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 29.11.2012 12:42:37 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 5.1.0.16309 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 140    Startzeit: 
01cdce38ba4415d4    Endzeit: 0    Anwendungspfad: E:\Spiele\World of Warcraft\Wow.exe    Berichts-ID:
   
 
Error - 07.12.2012 08:26:12 | Computer Name = figur-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Program
 Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.   [ACCESS_VIOLATION
 Exception!! EIP = 0x1e57462]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 12.12.2012 20:14:07 | Computer Name = figur-PC | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 16.01.2013 08:10:24 | Computer Name = figur-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: inkscape.exe, Version: 0.48.4.0, 
Zeitstempel: 0x50cf79ae  Name des fehlerhaften Moduls: inkscape.exe, Version: 0.48.4.0,
 Zeitstempel: 0x50cf79ae  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00796b3a  ID des fehlerhaften
 Prozesses: 0x1048  Startzeit der fehlerhaften Anwendung: 0x01cdf3e1279e46ea  Pfad der
 fehlerhaften Anwendung: E:\Program Files\Inkscape\inkscape.exe  Pfad des fehlerhaften
 Moduls: E:\Program Files\Inkscape\inkscape.exe  Berichtskennung: b432eed6-5fd5-11e2-8f0e-1c6f658620a9
 
Error - 30.01.2013 05:25:41 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e94    Startzeit: 01cdfecbaf241a15    Endzeit: 40    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 10.02.2013 09:33:34 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 18.02.2013 13:34:31 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
[ Media Center Events ]
Error - 04.09.2011 06:23:26 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:26 - Fehler beim Herstellen der Internetverbindung.  12:23:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.09.2011 06:23:38 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:32 - Fehler beim Herstellen der Internetverbindung.  12:23:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:52:57 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung.  15:52:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:53:07 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:53:02 - Fehler beim Herstellen der Internetverbindung.  15:53:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:18:58 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:18:58 - Fehler beim Herstellen der Internetverbindung.  08:18:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:19:08 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:19:03 - Fehler beim Herstellen der Internetverbindung.  08:19:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:15 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:15 - Fehler beim Herstellen der Internetverbindung.  18:57:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:25 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung.  18:57:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:19 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:19 - Fehler beim Herstellen der Internetverbindung.  12:45:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:36 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:25 - Fehler beim Herstellen der Internetverbindung.  12:45:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary 
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AppleCharger  avipbb  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  sptd  ssmdrv
tcpipBM
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
 
 
< End of report >
         
Vielen Dank im Voraus

Alt 13.05.2013, 13:26   #2
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat
()
[2013.05.13 13:06:33 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
:Files
C:\Users\figur\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH] 
[emptytemp]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Alt 13.05.2013, 13:55   #3
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Wurde hochgeladen, Link zum Thema habe ich angegeben.
PC lässt sich wieder normal starten

Sollte noch etwas gemacht werden?
__________________

Alt 13.05.2013, 13:58   #4
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Danke erst mal fürs hochladen.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.05.2013, 14:12   #5
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Frage anbei - kann ich meinen PC ohne bedenken wieder ans Internet hauen?
Habe bis jetzt alles mit Stick hin- und her geschoben.

Getan:
Code:
ATTFilter
15:00:51.0321 2572  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:51.0415 2572  ============================================================
15:00:51.0415 2572  Current date / time: 2013/05/13 15:00:51.0415
15:00:51.0415 2572  SystemInfo:
15:00:51.0415 2572  
15:00:51.0415 2572  OS Version: 6.1.7601 ServicePack: 1.0
15:00:51.0415 2572  Product type: Workstation
15:00:51.0415 2572  ComputerName: FIGUR-PC
15:00:51.0415 2572  UserName: figur
15:00:51.0415 2572  Windows directory: C:\Windows
15:00:51.0415 2572  System windows directory: C:\Windows
15:00:51.0415 2572  Processor architecture: Intel x86
15:00:51.0415 2572  Number of processors: 4
15:00:51.0415 2572  Page size: 0x1000
15:00:51.0415 2572  Boot type: Normal boot
15:00:51.0415 2572  ============================================================
15:00:52.0397 2572  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:00:52.0397 2572  Drive \Device\Harddisk1\DR3 - Size: 0x79200000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:52.0397 2572  ============================================================
15:00:52.0397 2572  \Device\Harddisk0\DR0:
15:00:52.0397 2572  MBR partitions:
15:00:52.0397 2572  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:00:52.0397 2572  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x77CE000
15:00:52.0397 2572  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0xC800000
15:00:52.0397 2572  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14000800, BlocksNum 0x26385000
15:00:52.0397 2572  \Device\Harddisk1\DR3:
15:00:52.0397 2572  MBR partitions:
15:00:52.0397 2572  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3C8FE0
15:00:52.0397 2572  ============================================================
15:00:52.0413 2572  C: <-> \Device\Harddisk0\DR0\Partition2
15:00:52.0444 2572  D: <-> \Device\Harddisk0\DR0\Partition3
15:00:52.0491 2572  E: <-> \Device\Harddisk0\DR0\Partition4
15:00:52.0491 2572  ============================================================
15:00:52.0491 2572  Initialize success
15:00:52.0491 2572  ============================================================
15:02:09.0680 3380  ============================================================
15:02:09.0680 3380  Scan started
15:02:09.0680 3380  Mode: Manual; SigCheck; TDLFS; 
15:02:09.0680 3380  ============================================================
15:02:10.0148 3380  ================ Scan system memory ========================
15:02:10.0148 3380  System memory - ok
15:02:10.0148 3380  ================ Scan services =============================
15:02:10.0257 3380  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:02:10.0319 3380  1394ohci - ok
15:02:10.0351 3380  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:02:10.0351 3380  ACPI - ok
15:02:10.0382 3380  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:02:10.0413 3380  AcpiPmi - ok
15:02:10.0444 3380  adfs - ok
15:02:10.0538 3380  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:02:10.0569 3380  AdobeARMservice - ok
15:02:10.0616 3380  [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:02:10.0647 3380  AdobeFlashPlayerUpdateSvc - ok
15:02:10.0663 3380  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:02:10.0694 3380  adp94xx - ok
15:02:10.0709 3380  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:02:10.0725 3380  adpahci - ok
15:02:10.0787 3380  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:02:10.0834 3380  adpu320 - ok
15:02:10.0881 3380  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:02:10.0928 3380  AeLookupSvc - ok
15:02:10.0975 3380  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:02:11.0037 3380  AFD - ok
15:02:11.0053 3380  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:02:11.0068 3380  agp440 - ok
15:02:11.0084 3380  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:02:11.0099 3380  aic78xx - ok
15:02:11.0115 3380  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:02:11.0146 3380  ALG - ok
15:02:11.0162 3380  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:02:11.0177 3380  aliide - ok
15:02:11.0193 3380  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:02:11.0209 3380  amdagp - ok
15:02:11.0224 3380  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:02:11.0240 3380  amdide - ok
15:02:11.0255 3380  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:02:11.0287 3380  AmdK8 - ok
15:02:11.0302 3380  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:02:11.0318 3380  AmdPPM - ok
15:02:11.0349 3380  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:02:11.0365 3380  amdsata - ok
15:02:11.0380 3380  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:02:11.0396 3380  amdsbs - ok
15:02:11.0411 3380  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:02:11.0427 3380  amdxata - ok
15:02:11.0458 3380  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
15:02:11.0505 3380  androidusb - ok
15:02:11.0583 3380  [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService E:\Program Files\Avira\AntiVir Desktop\sched.exe
15:02:11.0599 3380  AntiVirSchedulerService - ok
15:02:11.0645 3380  [ 72D90E56563165984224493069C69ED4 ] AntiVirService  E:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:02:11.0645 3380  AntiVirService - ok
15:02:11.0677 3380  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:02:11.0708 3380  AppID - ok
15:02:11.0739 3380  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:02:11.0786 3380  AppIDSvc - ok
15:02:11.0817 3380  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:02:11.0848 3380  Appinfo - ok
15:02:11.0879 3380  [ 75A8B998EB259DD512F01EA25BEC7F3B ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
15:02:11.0895 3380  AppleCharger - ok
15:02:11.0895 3380  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:02:11.0911 3380  AppleChargerSrv - ok
15:02:11.0942 3380  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:02:11.0989 3380  AppMgmt - ok
15:02:12.0020 3380  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:02:12.0051 3380  arc - ok
15:02:12.0051 3380  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:02:12.0067 3380  arcsas - ok
15:02:12.0145 3380  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:02:12.0176 3380  aspnet_state - ok
15:02:12.0191 3380  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:02:12.0254 3380  AsyncMac - ok
15:02:12.0285 3380  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:02:12.0301 3380  atapi - ok
15:02:12.0332 3380  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
15:02:12.0347 3380  atksgt - ok
15:02:12.0379 3380  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:02:12.0425 3380  AudioEndpointBuilder - ok
15:02:12.0425 3380  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:02:12.0457 3380  Audiosrv - ok
15:02:12.0457 3380  [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:02:12.0472 3380  avgntflt - ok
15:02:12.0488 3380  [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:02:12.0503 3380  avipbb - ok
15:02:12.0535 3380  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:02:12.0550 3380  AxInstSV - ok
15:02:12.0581 3380  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:02:12.0628 3380  b06bdrv - ok
15:02:12.0644 3380  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:02:12.0675 3380  b57nd60x - ok
15:02:12.0691 3380  [ 382B151DAFFE4A9CE9DA9F564B66761E ] BCUService      C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
15:02:12.0706 3380  BCUService - ok
15:02:12.0722 3380  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:02:12.0753 3380  BDESVC - ok
15:02:12.0769 3380  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:02:12.0815 3380  Beep - ok
15:02:12.0847 3380  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:02:12.0878 3380  BFE - ok
15:02:12.0909 3380  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:02:12.0925 3380  BITS - ok
15:02:12.0940 3380  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:02:12.0956 3380  blbdrive - ok
15:02:12.0987 3380  [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys
15:02:13.0018 3380  BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:02:13.0018 3380  BMLoad - detected UnsignedFile.Multi.Generic (1)
15:02:13.0049 3380  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:02:13.0096 3380  bowser - ok
15:02:13.0127 3380  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:02:13.0159 3380  BrFiltLo - ok
15:02:13.0174 3380  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:02:13.0190 3380  BrFiltUp - ok
15:02:13.0221 3380  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:02:13.0252 3380  Browser - ok
15:02:13.0268 3380  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:02:13.0299 3380  Brserid - ok
15:02:13.0299 3380  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:02:13.0330 3380  BrSerWdm - ok
15:02:13.0346 3380  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:02:13.0377 3380  BrUsbMdm - ok
15:02:13.0393 3380  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:02:13.0408 3380  BrUsbSer - ok
15:02:13.0424 3380  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:02:13.0471 3380  BTHMODEM - ok
15:02:13.0502 3380  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:02:13.0533 3380  bthserv - ok
15:02:13.0549 3380  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:02:13.0611 3380  cdfs - ok
15:02:13.0642 3380  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:02:13.0658 3380  cdrom - ok
15:02:13.0689 3380  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:02:13.0736 3380  CertPropSvc - ok
15:02:13.0751 3380  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:02:13.0767 3380  circlass - ok
15:02:13.0783 3380  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:02:13.0798 3380  CLFS - ok
15:02:13.0814 3380  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:13.0829 3380  clr_optimization_v2.0.50727_32 - ok
15:02:13.0907 3380  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:02:13.0939 3380  clr_optimization_v4.0.30319_32 - ok
15:02:13.0939 3380  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:02:13.0954 3380  CmBatt - ok
15:02:13.0970 3380  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:02:13.0985 3380  cmdide - ok
15:02:14.0017 3380  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:02:14.0048 3380  CNG - ok
15:02:14.0063 3380  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:02:14.0079 3380  Compbatt - ok
15:02:14.0095 3380  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:02:14.0141 3380  CompositeBus - ok
15:02:14.0141 3380  COMSysApp - ok
15:02:14.0157 3380  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:02:14.0173 3380  crcdisk - ok
15:02:14.0204 3380  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:02:14.0219 3380  CryptSvc - ok
15:02:14.0251 3380  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
15:02:14.0282 3380  CSC - ok
15:02:14.0313 3380  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
15:02:14.0329 3380  CscService - ok
15:02:14.0360 3380  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:02:14.0375 3380  DcomLaunch - ok
15:02:14.0407 3380  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:02:14.0438 3380  defragsvc - ok
15:02:14.0453 3380  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:02:14.0485 3380  DfsC - ok
15:02:14.0516 3380  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:02:14.0531 3380  Dhcp - ok
15:02:14.0531 3380  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:02:14.0563 3380  discache - ok
15:02:14.0578 3380  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:02:14.0594 3380  Disk - ok
15:02:14.0625 3380  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:02:14.0641 3380  Dnscache - ok
15:02:14.0656 3380  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:02:14.0703 3380  dot3svc - ok
15:02:14.0719 3380  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:02:14.0734 3380  DPS - ok
15:02:14.0765 3380  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:02:14.0812 3380  drmkaud - ok
15:02:14.0859 3380  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:02:14.0937 3380  DXGKrnl - ok
15:02:14.0953 3380  EagleXNt - ok
15:02:14.0968 3380  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:02:14.0999 3380  EapHost - ok
15:02:15.0077 3380  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:02:15.0233 3380  ebdrv - ok
15:02:15.0249 3380  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:02:15.0265 3380  EFS - ok
15:02:15.0327 3380  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:02:15.0374 3380  ehRecvr - ok
15:02:15.0405 3380  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:02:15.0421 3380  ehSched - ok
15:02:15.0436 3380  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:02:15.0452 3380  elxstor - ok
15:02:15.0499 3380  [ B4556F3D468C8DCB0B259D9D866CD4C4 ] enodpl          C:\Windows\system32\drivers\enodpl.sys
15:02:15.0530 3380  enodpl ( UnsignedFile.Multi.Generic ) - warning
15:02:15.0530 3380  enodpl - detected UnsignedFile.Multi.Generic (1)
15:02:15.0545 3380  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:02:15.0592 3380  ErrDev - ok
15:02:15.0623 3380  [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
15:02:15.0639 3380  ES lite Service - ok
15:02:15.0686 3380  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:02:15.0717 3380  EventSystem - ok
15:02:15.0733 3380  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:02:15.0764 3380  exfat - ok
15:02:15.0779 3380  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:02:15.0811 3380  fastfat - ok
15:02:15.0842 3380  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:02:15.0857 3380  Fax - ok
15:02:15.0873 3380  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:02:15.0935 3380  fdc - ok
15:02:15.0951 3380  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:02:15.0982 3380  fdPHost - ok
15:02:15.0982 3380  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:02:16.0013 3380  FDResPub - ok
15:02:16.0029 3380  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:02:16.0045 3380  FileInfo - ok
15:02:16.0045 3380  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:02:16.0060 3380  Filetrace - ok
15:02:16.0076 3380  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:16.0091 3380  flpydisk - ok
15:02:16.0123 3380  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:02:16.0154 3380  FltMgr - ok
15:02:16.0201 3380  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
15:02:16.0232 3380  FontCache - ok
15:02:16.0279 3380  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:02:16.0310 3380  FontCache3.0.0.0 - ok
15:02:16.0325 3380  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:02:16.0357 3380  FsDepends - ok
15:02:16.0388 3380  [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
15:02:16.0435 3380  fssfltr - ok
15:02:16.0513 3380  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:02:16.0606 3380  fsssvc - ok
15:02:16.0622 3380  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:02:16.0637 3380  Fs_Rec - ok
15:02:16.0669 3380  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:02:16.0684 3380  fvevol - ok
15:02:16.0700 3380  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:16.0715 3380  gagp30kx - ok
15:02:16.0731 3380  [ D556CB79967E92B5CC69686D16C1D846 ] gdrv            C:\Windows\gdrv.sys
15:02:16.0747 3380  gdrv - ok
15:02:16.0778 3380  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:02:16.0825 3380  gpsvc - ok
15:02:16.0903 3380  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:16.0934 3380  gupdate - ok
15:02:16.0965 3380  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:16.0981 3380  gupdatem - ok
15:02:17.0027 3380  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:02:17.0090 3380  gusvc - ok
15:02:17.0090 3380  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:02:17.0121 3380  hcw85cir - ok
15:02:17.0152 3380  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:02:17.0183 3380  HdAudAddService - ok
15:02:17.0199 3380  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:02:17.0230 3380  HDAudBus - ok
15:02:17.0230 3380  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:17.0246 3380  HidBatt - ok
15:02:17.0261 3380  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:02:17.0293 3380  HidBth - ok
15:02:17.0324 3380  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:02:17.0339 3380  HidIr - ok
15:02:17.0355 3380  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:02:17.0402 3380  hidserv - ok
15:02:17.0417 3380  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:02:17.0433 3380  HidUsb - ok
15:02:17.0449 3380  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:02:17.0480 3380  hkmsvc - ok
15:02:17.0511 3380  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:02:17.0511 3380  HomeGroupListener - ok
15:02:17.0542 3380  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:02:17.0558 3380  HomeGroupProvider - ok
15:02:17.0589 3380  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:02:17.0620 3380  HpSAMD - ok
15:02:17.0667 3380  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:02:17.0729 3380  HTTP - ok
15:02:17.0745 3380  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:02:17.0761 3380  hwpolicy - ok
15:02:17.0776 3380  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:02:17.0792 3380  i8042prt - ok
15:02:17.0823 3380  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:02:17.0839 3380  iaStorV - ok
15:02:17.0885 3380  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:02:17.0932 3380  idsvc - ok
15:02:17.0963 3380  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:02:17.0979 3380  iirsp - ok
15:02:18.0026 3380  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:02:18.0088 3380  IKEEXT - ok
15:02:18.0166 3380  [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:02:18.0213 3380  IntcAzAudAddService - ok
15:02:18.0229 3380  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:02:18.0244 3380  intelide - ok
15:02:18.0260 3380  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:02:18.0275 3380  intelppm - ok
15:02:18.0291 3380  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:02:18.0353 3380  IPBusEnum - ok
15:02:18.0369 3380  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:18.0400 3380  IpFilterDriver - ok
15:02:18.0416 3380  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:02:18.0447 3380  iphlpsvc - ok
15:02:18.0463 3380  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:02:18.0478 3380  IPMIDRV - ok
15:02:18.0494 3380  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:02:18.0525 3380  IPNAT - ok
15:02:18.0541 3380  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:02:18.0556 3380  IRENUM - ok
15:02:18.0572 3380  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:02:18.0587 3380  isapnp - ok
15:02:18.0603 3380  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:02:18.0619 3380  iScsiPrt - ok
15:02:18.0650 3380  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:02:18.0665 3380  kbdclass - ok
15:02:18.0681 3380  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:02:18.0712 3380  kbdhid - ok
15:02:18.0728 3380  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:02:18.0728 3380  KeyIso - ok
15:02:18.0743 3380  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:02:18.0759 3380  KSecDD - ok
15:02:18.0775 3380  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:02:18.0790 3380  KSecPkg - ok
15:02:18.0806 3380  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:02:18.0853 3380  KtmRm - ok
15:02:18.0868 3380  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:02:18.0884 3380  LanmanServer - ok
15:02:18.0899 3380  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:02:18.0931 3380  LanmanWorkstation - ok
15:02:18.0946 3380  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
15:02:18.0962 3380  lirsgt - ok
15:02:18.0993 3380  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:02:19.0040 3380  lltdio - ok
15:02:19.0071 3380  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:02:19.0118 3380  lltdsvc - ok
15:02:19.0118 3380  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:02:19.0149 3380  lmhosts - ok
15:02:19.0165 3380  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:19.0180 3380  LSI_FC - ok
15:02:19.0196 3380  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:19.0211 3380  LSI_SAS - ok
15:02:19.0211 3380  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:19.0227 3380  LSI_SAS2 - ok
15:02:19.0243 3380  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:19.0243 3380  LSI_SCSI - ok
15:02:19.0258 3380  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:02:19.0289 3380  luafv - ok
15:02:19.0321 3380  [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys
15:02:19.0321 3380  massfilter - ok
15:02:19.0352 3380  [ 3C7B3072C3C5CC23F5FD46F8DFDA7480 ] massfilter_hs   C:\Windows\system32\drivers\massfilter_hs.sys
15:02:19.0383 3380  massfilter_hs - ok
15:02:19.0414 3380  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:02:19.0461 3380  Mcx2Svc - ok
15:02:19.0477 3380  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:02:19.0492 3380  megasas - ok
15:02:19.0508 3380  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:02:19.0523 3380  MegaSR - ok
15:02:19.0570 3380  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:02:19.0617 3380  Microsoft Office Groove Audit Service - ok
15:02:19.0633 3380  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:02:19.0664 3380  MMCSS - ok
15:02:19.0679 3380  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:02:19.0711 3380  Modem - ok
15:02:19.0742 3380  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:02:19.0757 3380  monitor - ok
15:02:19.0804 3380  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:02:19.0835 3380  mouclass - ok
15:02:19.0851 3380  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:02:19.0867 3380  mouhid - ok
15:02:19.0898 3380  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:02:19.0913 3380  mountmgr - ok
15:02:19.0929 3380  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:02:19.0945 3380  mpio - ok
15:02:19.0960 3380  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:02:20.0007 3380  mpsdrv - ok
15:02:20.0038 3380  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:02:20.0069 3380  MpsSvc - ok
15:02:20.0085 3380  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:02:20.0116 3380  MRxDAV - ok
15:02:20.0132 3380  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:20.0179 3380  mrxsmb - ok
15:02:20.0210 3380  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:20.0257 3380  mrxsmb10 - ok
15:02:20.0272 3380  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:20.0288 3380  mrxsmb20 - ok
15:02:20.0303 3380  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:02:20.0319 3380  msahci - ok
15:02:20.0350 3380  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:02:20.0366 3380  msdsm - ok
15:02:20.0381 3380  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:02:20.0413 3380  MSDTC - ok
15:02:20.0444 3380  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:02:20.0475 3380  Msfs - ok
15:02:20.0491 3380  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:02:20.0522 3380  mshidkmdf - ok
15:02:20.0537 3380  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:02:20.0553 3380  msisadrv - ok
15:02:20.0584 3380  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:02:20.0662 3380  MSiSCSI - ok
15:02:20.0662 3380  msiserver - ok
15:02:20.0678 3380  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:02:20.0709 3380  MSKSSRV - ok
15:02:20.0725 3380  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:20.0756 3380  MSPCLOCK - ok
15:02:20.0771 3380  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:02:20.0803 3380  MSPQM - ok
15:02:20.0818 3380  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:02:20.0834 3380  MsRPC - ok
15:02:20.0849 3380  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:02:20.0849 3380  mssmbios - ok
15:02:20.0865 3380  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:02:20.0881 3380  MSTEE - ok
15:02:20.0896 3380  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:02:20.0896 3380  MTConfig - ok
15:02:20.0912 3380  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:02:20.0927 3380  Mup - ok
15:02:20.0974 3380  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:02:21.0083 3380  napagent - ok
15:02:21.0146 3380  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:02:21.0161 3380  NativeWifiP - ok
15:02:21.0208 3380  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:02:21.0239 3380  NDIS - ok
15:02:21.0255 3380  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:21.0286 3380  NdisCap - ok
15:02:21.0302 3380  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:21.0333 3380  NdisTapi - ok
15:02:21.0364 3380  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:21.0395 3380  Ndisuio - ok
15:02:21.0411 3380  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:21.0442 3380  NdisWan - ok
15:02:21.0473 3380  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:02:21.0505 3380  NDProxy - ok
15:02:21.0520 3380  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:02:21.0551 3380  NetBIOS - ok
15:02:21.0567 3380  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:02:21.0598 3380  NetBT - ok
15:02:21.0614 3380  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:02:21.0614 3380  Netlogon - ok
15:02:21.0645 3380  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:02:21.0676 3380  Netman - ok
15:02:21.0692 3380  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:02:21.0723 3380  netprofm - ok
15:02:21.0754 3380  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:21.0754 3380  NetTcpPortSharing - ok
15:02:21.0785 3380  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:02:21.0801 3380  nfrd960 - ok
15:02:21.0817 3380  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:02:21.0848 3380  NlaSvc - ok
15:02:21.0848 3380  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:02:21.0879 3380  Npfs - ok
15:02:21.0879 3380  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:02:21.0895 3380  nsi - ok
15:02:21.0926 3380  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:02:21.0941 3380  nsiproxy - ok
15:02:21.0988 3380  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:02:22.0035 3380  Ntfs - ok
15:02:22.0051 3380  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:02:22.0082 3380  Null - ok
15:02:22.0113 3380  [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
15:02:22.0129 3380  NVHDA - ok
15:02:22.0300 3380  [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:02:22.0409 3380  nvlddmkm - ok
15:02:22.0441 3380  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:02:22.0472 3380  nvraid - ok
15:02:22.0519 3380  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:02:22.0565 3380  nvstor - ok
15:02:22.0597 3380  [ E4284FCF99FEA13A7E1836F87AE356F6 ] NVSvc           C:\Windows\system32\nvvsvc.exe
15:02:22.0643 3380  NVSvc - ok
15:02:22.0690 3380  [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:02:22.0721 3380  nvUpdatusService - ok
15:02:22.0737 3380  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:02:22.0753 3380  nv_agp - ok
15:02:22.0815 3380  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:02:22.0831 3380  odserv - ok
15:02:22.0862 3380  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:02:22.0909 3380  ohci1394 - ok
15:02:22.0940 3380  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:02:22.0955 3380  ose - ok
15:02:22.0987 3380  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:02:23.0002 3380  p2pimsvc - ok
15:02:23.0018 3380  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:02:23.0033 3380  p2psvc - ok
15:02:23.0065 3380  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:02:23.0096 3380  Parport - ok
15:02:23.0111 3380  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:02:23.0127 3380  partmgr - ok
15:02:23.0143 3380  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:02:23.0158 3380  Parvdm - ok
15:02:23.0158 3380  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:02:23.0174 3380  PcaSvc - ok
15:02:23.0205 3380  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:02:23.0221 3380  pci - ok
15:02:23.0236 3380  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:02:23.0252 3380  pciide - ok
15:02:23.0252 3380  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:23.0283 3380  pcmcia - ok
15:02:23.0299 3380  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:02:23.0314 3380  pcw - ok
15:02:23.0330 3380  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:02:23.0392 3380  PEAUTH - ok
15:02:23.0423 3380  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:02:23.0455 3380  PeerDistSvc - ok
15:02:23.0501 3380  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:02:23.0548 3380  pla - ok
15:02:23.0564 3380  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:02:23.0579 3380  PlugPlay - ok
15:02:23.0595 3380  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:02:23.0611 3380  PNRPAutoReg - ok
15:02:23.0626 3380  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:02:23.0642 3380  PNRPsvc - ok
15:02:23.0673 3380  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:02:23.0704 3380  PolicyAgent - ok
15:02:23.0720 3380  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:02:23.0751 3380  Power - ok
15:02:23.0767 3380  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:02:23.0782 3380  PptpMiniport - ok
15:02:23.0798 3380  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:02:23.0813 3380  Processor - ok
15:02:23.0845 3380  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:02:23.0860 3380  ProfSvc - ok
15:02:23.0876 3380  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:02:23.0891 3380  ProtectedStorage - ok
15:02:23.0891 3380  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:02:23.0923 3380  Psched - ok
15:02:23.0969 3380  [ 053A608BCFEB5A4D0CECDDA703B08C83 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
15:02:24.0016 3380  PxHelp20 - ok
15:02:24.0063 3380  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:02:24.0125 3380  ql2300 - ok
15:02:24.0157 3380  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:24.0172 3380  ql40xx - ok
15:02:24.0188 3380  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:02:24.0219 3380  QWAVE - ok
15:02:24.0235 3380  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:02:24.0250 3380  QWAVEdrv - ok
15:02:24.0266 3380  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:02:24.0297 3380  RasAcd - ok
15:02:24.0313 3380  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:24.0375 3380  RasAgileVpn - ok
15:02:24.0391 3380  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:02:24.0422 3380  RasAuto - ok
15:02:24.0437 3380  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:24.0453 3380  Rasl2tp - ok
15:02:24.0500 3380  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:02:24.0547 3380  RasMan - ok
15:02:24.0562 3380  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:24.0578 3380  RasPppoe - ok
15:02:24.0593 3380  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:02:24.0625 3380  RasSstp - ok
15:02:24.0656 3380  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:02:24.0671 3380  rdbss - ok
15:02:24.0687 3380  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:24.0703 3380  rdpbus - ok
15:02:24.0718 3380  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:24.0734 3380  RDPCDD - ok
15:02:24.0749 3380  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:02:24.0765 3380  RDPDR - ok
15:02:24.0781 3380  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:02:24.0812 3380  RDPENCDD - ok
15:02:24.0812 3380  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:02:24.0827 3380  RDPREFMP - ok
15:02:24.0874 3380  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:02:24.0905 3380  RdpVideoMiniport - ok
15:02:24.0937 3380  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:02:24.0968 3380  RDPWD - ok
15:02:24.0983 3380  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:02:24.0999 3380  rdyboost - ok
15:02:25.0030 3380  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:02:25.0077 3380  RemoteAccess - ok
15:02:25.0108 3380  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:02:25.0139 3380  RemoteRegistry - ok
15:02:25.0155 3380  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:02:25.0171 3380  RpcEptMapper - ok
15:02:25.0186 3380  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:02:25.0233 3380  RpcLocator - ok
15:02:25.0249 3380  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:02:25.0280 3380  RpcSs - ok
15:02:25.0295 3380  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:02:25.0327 3380  rspndr - ok
15:02:25.0358 3380  [ 1A42B4CBA44778D312E668CD166CBCBB ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
15:02:25.0373 3380  RTL8167 - ok
15:02:25.0420 3380  [ 08E0B15F88CBFFEE0BB18D321C42E1B4 ] RTL8192cu       C:\Windows\system32\DRIVERS\RTL8192cu.sys
15:02:25.0467 3380  RTL8192cu - ok
15:02:25.0498 3380  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:02:25.0529 3380  s3cap - ok
15:02:25.0545 3380  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:02:25.0561 3380  SamSs - ok
15:02:25.0592 3380  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:02:25.0607 3380  sbp2port - ok
15:02:25.0623 3380  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:02:25.0670 3380  SCardSvr - ok
15:02:25.0685 3380  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:02:25.0732 3380  scfilter - ok
15:02:25.0748 3380  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:02:25.0779 3380  Schedule - ok
15:02:25.0795 3380  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:02:25.0810 3380  SCPolicySvc - ok
15:02:25.0826 3380  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:02:25.0857 3380  SDRSVC - ok
15:02:25.0888 3380  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:02:25.0904 3380  secdrv - ok
15:02:25.0919 3380  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:02:25.0951 3380  seclogon - ok
15:02:25.0966 3380  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:02:25.0997 3380  SENS - ok
15:02:26.0013 3380  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:02:26.0029 3380  SensrSvc - ok
15:02:26.0044 3380  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:02:26.0075 3380  Serenum - ok
15:02:26.0075 3380  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:02:26.0107 3380  Serial - ok
15:02:26.0122 3380  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:02:26.0138 3380  sermouse - ok
15:02:26.0169 3380  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:02:26.0216 3380  SessionEnv - ok
15:02:26.0231 3380  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:02:26.0263 3380  sffdisk - ok
15:02:26.0278 3380  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:02:26.0294 3380  sffp_mmc - ok
15:02:26.0309 3380  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:02:26.0341 3380  sffp_sd - ok
15:02:26.0356 3380  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:26.0372 3380  sfloppy - ok
15:02:26.0403 3380  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:02:26.0450 3380  SharedAccess - ok
15:02:26.0465 3380  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:02:26.0481 3380  ShellHWDetection - ok
15:02:26.0497 3380  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:02:26.0512 3380  sisagp - ok
15:02:26.0528 3380  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:26.0543 3380  SiSRaid2 - ok
15:02:26.0559 3380  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:26.0575 3380  SiSRaid4 - ok
15:02:26.0575 3380  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:02:26.0606 3380  Smb - ok
15:02:26.0637 3380  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:02:26.0653 3380  SNMPTRAP - ok
15:02:26.0653 3380  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:02:26.0668 3380  spldr - ok
15:02:26.0684 3380  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:02:26.0715 3380  Spooler - ok
15:02:26.0793 3380  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:02:26.0902 3380  sppsvc - ok
15:02:26.0918 3380  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:02:26.0949 3380  sppuinotify - ok
15:02:26.0980 3380  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
15:02:26.0980 3380  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:02:26.0980 3380  sptd ( LockedFile.Multi.Generic ) - warning
15:02:26.0980 3380  sptd - detected LockedFile.Multi.Generic (1)
15:02:27.0011 3380  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:02:27.0089 3380  srv - ok
15:02:27.0105 3380  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:02:27.0152 3380  srv2 - ok
15:02:27.0167 3380  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:02:27.0183 3380  srvnet - ok
15:02:27.0214 3380  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:02:27.0230 3380  ssadbus - ok
15:02:27.0245 3380  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:02:27.0261 3380  ssadmdfl - ok
15:02:27.0277 3380  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:02:27.0308 3380  ssadmdm - ok
15:02:27.0323 3380  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
15:02:27.0355 3380  ssadserd - ok
15:02:27.0386 3380  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:02:27.0417 3380  SSDPSRV - ok
15:02:27.0464 3380  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:02:27.0479 3380  ssmdrv - ok
15:02:27.0495 3380  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:02:27.0526 3380  SstpSvc - ok
15:02:27.0604 3380  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:02:27.0651 3380  Stereo Service - ok
15:02:27.0667 3380  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:02:27.0682 3380  stexstor - ok
15:02:27.0698 3380  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:02:27.0745 3380  StiSvc - ok
15:02:27.0776 3380  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:02:27.0791 3380  storflt - ok
15:02:27.0807 3380  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:02:27.0823 3380  storvsc - ok
15:02:27.0838 3380  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:02:27.0838 3380  swenum - ok
15:02:27.0932 3380  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:02:27.0979 3380  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:02:27.0979 3380  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:02:27.0979 3380  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:02:28.0010 3380  swprv - ok
15:02:28.0025 3380  Synth3dVsc - ok
15:02:28.0057 3380  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:02:28.0103 3380  SysMain - ok
15:02:28.0119 3380  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:02:28.0166 3380  TabletInputService - ok
15:02:28.0213 3380  [ 126D7B3B4C7B724491C604060E1F4E14 ] tandpl          C:\Windows\system32\drivers\tandpl.sys
15:02:28.0228 3380  tandpl ( UnsignedFile.Multi.Generic ) - warning
15:02:28.0228 3380  tandpl - detected UnsignedFile.Multi.Generic (1)
15:02:28.0259 3380  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:02:28.0306 3380  TapiSrv - ok
15:02:28.0322 3380  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:02:28.0337 3380  TBS - ok
15:02:28.0369 3380  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:02:28.0415 3380  Tcpip - ok
15:02:28.0447 3380  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:02:28.0478 3380  TCPIP6 - ok
15:02:28.0493 3380  [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys
15:02:28.0493 3380  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:02:28.0493 3380  tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:02:28.0509 3380  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:02:28.0525 3380  tcpipreg - ok
15:02:28.0556 3380  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:02:28.0571 3380  TDPIPE - ok
15:02:28.0603 3380  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:02:28.0634 3380  TDTCP - ok
15:02:28.0665 3380  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:02:28.0727 3380  tdx - ok
15:02:28.0899 3380  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     E:\teamviewer\Version7\TeamViewer_Service.exe
15:02:28.0946 3380  TeamViewer7 - ok
15:02:28.0993 3380  [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn   C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:02:29.0024 3380  teamviewervpn - ok
15:02:29.0055 3380  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:02:29.0102 3380  TermDD - ok
15:02:29.0133 3380  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:02:29.0164 3380  TermService - ok
15:02:29.0180 3380  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:02:29.0211 3380  Themes - ok
15:02:29.0211 3380  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:02:29.0227 3380  THREADORDER - ok
15:02:29.0242 3380  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:02:29.0273 3380  TrkWks - ok
15:02:29.0320 3380  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:02:29.0367 3380  TrustedInstaller - ok
15:02:29.0398 3380  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:29.0414 3380  tssecsrv - ok
15:02:29.0429 3380  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:02:29.0445 3380  TsUsbFlt - ok
15:02:29.0445 3380  tsusbhub - ok
15:02:29.0492 3380  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:02:29.0539 3380  tunnel - ok
15:02:29.0554 3380  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:02:29.0570 3380  uagp35 - ok
15:02:29.0601 3380  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:02:29.0648 3380  udfs - ok
15:02:29.0663 3380  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:02:29.0679 3380  UI0Detect - ok
15:02:29.0710 3380  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:02:29.0726 3380  uliagpkx - ok
15:02:29.0757 3380  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
15:02:29.0804 3380  umbus - ok
15:02:29.0804 3380  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:02:29.0819 3380  UmPass - ok
15:02:29.0851 3380  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:02:29.0866 3380  UmRdpService - ok
15:02:29.0882 3380  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:02:29.0913 3380  upnphost - ok
15:02:29.0975 3380  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:02:30.0022 3380  usbaudio - ok
15:02:30.0038 3380  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:30.0069 3380  usbccgp - ok
15:02:30.0100 3380  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:02:30.0163 3380  usbcir - ok
15:02:30.0178 3380  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:02:30.0194 3380  usbehci - ok
15:02:30.0209 3380  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:02:30.0241 3380  usbhub - ok
15:02:30.0256 3380  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:02:30.0287 3380  usbohci - ok
15:02:30.0303 3380  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:02:30.0319 3380  usbprint - ok
15:02:30.0334 3380  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:30.0350 3380  USBSTOR - ok
15:02:30.0365 3380  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:02:30.0365 3380  usbuhci - ok
15:02:30.0397 3380  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:02:30.0412 3380  UxSms - ok
15:02:30.0428 3380  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:02:30.0428 3380  VaultSvc - ok
15:02:30.0459 3380  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:02:30.0475 3380  vdrvroot - ok
15:02:30.0490 3380  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:02:30.0521 3380  vds - ok
15:02:30.0537 3380  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:30.0553 3380  vga - ok
15:02:30.0584 3380  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:02:30.0599 3380  VgaSave - ok
15:02:30.0615 3380  VGPU - ok
15:02:30.0631 3380  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:02:30.0677 3380  vhdmp - ok
15:02:30.0709 3380  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:02:30.0724 3380  viaagp - ok
15:02:30.0740 3380  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:02:30.0771 3380  ViaC7 - ok
15:02:30.0771 3380  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:02:30.0787 3380  viaide - ok
15:02:30.0802 3380  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:02:30.0818 3380  vmbus - ok
15:02:30.0833 3380  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:02:30.0849 3380  VMBusHID - ok
15:02:30.0927 3380  [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService      E:\Program Files\VMC\Bin\VMCService.exe
15:02:30.0958 3380  VMCService ( UnsignedFile.Multi.Generic ) - warning
15:02:30.0958 3380  VMCService - detected UnsignedFile.Multi.Generic (1)
15:02:30.0974 3380  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:02:31.0005 3380  volmgr - ok
15:02:31.0036 3380  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:02:31.0099 3380  volmgrx - ok
15:02:31.0114 3380  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:02:31.0130 3380  volsnap - ok
15:02:31.0161 3380  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:31.0177 3380  vsmraid - ok
15:02:31.0255 3380  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:02:31.0364 3380  VSS - ok
15:02:31.0379 3380  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:02:31.0411 3380  vwifibus - ok
15:02:31.0426 3380  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:02:31.0442 3380  vwififlt - ok
15:02:31.0457 3380  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:02:31.0489 3380  W32Time - ok
15:02:31.0504 3380  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:02:31.0535 3380  WacomPen - ok
15:02:31.0551 3380  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:02:31.0567 3380  WANARP - ok
15:02:31.0567 3380  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:02:31.0582 3380  Wanarpv6 - ok
15:02:31.0613 3380  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:02:31.0660 3380  wbengine - ok
15:02:31.0676 3380  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:02:31.0707 3380  WbioSrvc - ok
15:02:31.0723 3380  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:02:31.0754 3380  wcncsvc - ok
15:02:31.0769 3380  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:02:31.0785 3380  WcsPlugInService - ok
15:02:31.0785 3380  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:02:31.0801 3380  Wd - ok
15:02:31.0832 3380  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:02:31.0894 3380  Wdf01000 - ok
15:02:31.0894 3380  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:02:31.0925 3380  WdiServiceHost - ok
15:02:31.0925 3380  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:02:31.0941 3380  WdiSystemHost - ok
15:02:31.0957 3380  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:02:31.0988 3380  WebClient - ok
15:02:32.0003 3380  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:02:32.0035 3380  Wecsvc - ok
15:02:32.0035 3380  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:02:32.0066 3380  wercplsupport - ok
15:02:32.0097 3380  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:02:32.0113 3380  WerSvc - ok
15:02:32.0128 3380  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:32.0144 3380  WfpLwf - ok
15:02:32.0159 3380  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:02:32.0175 3380  WIMMount - ok
15:02:32.0222 3380  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:02:32.0237 3380  WinDefend - ok
15:02:32.0253 3380  WinHttpAutoProxySvc - ok
15:02:32.0300 3380  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:02:32.0362 3380  Winmgmt - ok
15:02:32.0409 3380  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:02:32.0456 3380  WinRM - ok
15:02:32.0487 3380  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:32.0503 3380  WinUsb - ok
15:02:32.0534 3380  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:02:32.0565 3380  Wlansvc - ok
15:02:32.0612 3380  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:02:32.0627 3380  wlcrasvc - ok
15:02:32.0721 3380  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:02:32.0752 3380  wlidsvc - ok
15:02:32.0783 3380  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:02:32.0799 3380  WmiAcpi - ok
15:02:32.0815 3380  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:02:32.0846 3380  wmiApSrv - ok
15:02:32.0908 3380  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:02:32.0939 3380  WMPNetworkSvc - ok
15:02:32.0955 3380  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:02:32.0986 3380  WPCSvc - ok
15:02:33.0002 3380  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:02:33.0033 3380  WPDBusEnum - ok
15:02:33.0064 3380  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:02:33.0111 3380  ws2ifsl - ok
15:02:33.0127 3380  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:02:33.0158 3380  wscsvc - ok
15:02:33.0158 3380  WSearch - ok
15:02:33.0189 3380  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:02:33.0236 3380  wuauserv - ok
15:02:33.0251 3380  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:02:33.0267 3380  WudfPf - ok
15:02:33.0298 3380  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:02:33.0314 3380  WUDFRd - ok
15:02:33.0345 3380  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:02:33.0392 3380  wudfsvc - ok
15:02:33.0407 3380  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:02:33.0454 3380  WwanSvc - ok
15:02:33.0485 3380  [ 9474B548D96FBE5E5A99B9AC8AF65BD8 ] zghsdiag        C:\Windows\system32\DRIVERS\zghsdiag.sys
15:02:33.0532 3380  zghsdiag - ok
15:02:33.0563 3380  [ 5CBAFE90E78C13C0429971E2FA05B48A ] zghsmdm         C:\Windows\system32\DRIVERS\zghsmdm.sys
15:02:33.0610 3380  zghsmdm - ok
15:02:33.0641 3380  [ DEC848571EB87EF2F10FA289320D7A44 ] zghsnmea        C:\Windows\system32\DRIVERS\zghsnmea.sys
15:02:33.0673 3380  zghsnmea - ok
15:02:33.0719 3380  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:02:33.0766 3380  ZTEusbmdm6k - ok
15:02:33.0782 3380  [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet       C:\Windows\system32\DRIVERS\ZTEusbnet.sys
15:02:33.0829 3380  ZTEusbnet - ok
15:02:33.0844 3380  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:02:33.0860 3380  ZTEusbnmea - ok
15:02:33.0875 3380  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:02:33.0891 3380  ZTEusbser6k - ok
15:02:33.0907 3380  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
15:02:33.0922 3380  ZTEusbvoice - ok
15:02:33.0938 3380  ================ Scan global ===============================
15:02:33.0969 3380  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:02:33.0985 3380  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:02:34.0000 3380  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:02:34.0031 3380  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:02:34.0047 3380  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:02:34.0047 3380  [Global] - ok
15:02:34.0047 3380  ================ Scan MBR ==================================
15:02:34.0063 3380  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:02:34.0468 3380  \Device\Harddisk0\DR0 - ok
15:02:34.0484 3380  [ 20C15EF2111B8472BBFE5E65B7C949E6 ] \Device\Harddisk1\DR3
15:02:35.0092 3380  \Device\Harddisk1\DR3 - ok
15:02:35.0092 3380  ================ Scan VBR ==================================
15:02:35.0092 3380  [ 2BCA57A5544EFA7843D3397D6F43C02A ] \Device\Harddisk0\DR0\Partition1
15:02:35.0092 3380  \Device\Harddisk0\DR0\Partition1 - ok
15:02:35.0108 3380  [ 99200672EC99E77D8952E7E529DEDD4A ] \Device\Harddisk0\DR0\Partition2
15:02:35.0108 3380  \Device\Harddisk0\DR0\Partition2 - ok
15:02:35.0123 3380  [ 7121F92D8BA49FD731F3ED6F22B5EC10 ] \Device\Harddisk0\DR0\Partition3
15:02:35.0123 3380  \Device\Harddisk0\DR0\Partition3 - ok
15:02:35.0139 3380  [ 8CB2DF087D07941900F5D07328D049F6 ] \Device\Harddisk0\DR0\Partition4
15:02:35.0139 3380  \Device\Harddisk0\DR0\Partition4 - ok
15:02:35.0139 3380  [ 3BEA09A2C03F8F769740A0333FC3D361 ] \Device\Harddisk1\DR3\Partition1
15:02:35.0139 3380  \Device\Harddisk1\DR3\Partition1 - ok
15:02:35.0139 3380  ============================================================
15:02:35.0139 3380  Scan finished
15:02:35.0139 3380  ============================================================
15:02:35.0155 1816  Detected object count: 7
15:02:35.0155 1816  Actual detected object count: 7
15:05:12.0356 1816  BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816  BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0356 1816  enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816  enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0356 1816  sptd ( LockedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0372 1816  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0372 1816  tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816  tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0372 1816  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:12.0372 1816  VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816  VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:05:24.0275 3376  Deinitialize success
         


Alt 13.05.2013, 14:14   #6
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Hi
ins Netz kannst du, und in den normalen Modus.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter

Alt 13.05.2013, 14:31   #7
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Okay, danke.

Hier der Code:
Code:
ATTFilter
ComboFix 13-05-12.01 - figur 13.05.2013  15:20:13.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3326.2225 [GMT 2:00]
ausgeführt von:: d:\users\figur\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\figur\AppData\Local\._Revolution_
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-13 bis 2013-05-13  ))))))))))))))))))))))))))))))
.
.
2013-05-10 07:20 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1312C39-20B9-4B95-BC51-B8E714067DDB}\mpengine.dll
2013-04-29 21:41 . 2013-04-29 21:41	--------	d-----w-	c:\programdata\ALM
2013-04-23 18:28 . 2013-04-12 13:45	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-14 11:09 . 2013-04-14 11:15	--------	d-----w-	C:\Bilder N
2013-04-14 10:08 . 2013-04-14 10:08	--------	d-----w-	c:\windows\San Andreas Mod Installer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-13 12:38 . 2011-02-12 13:46	17488	----a-w-	c:\windows\gdrv.sys
2013-05-13 10:58 . 2011-03-28 16:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-02-12 19:23	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-11 13:35 . 2012-04-09 07:55	691592	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-11 13:35 . 2011-05-13 17:12	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-19 05:04 . 2013-04-10 06:09	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 06:09	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 06:09	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 06:09	69632	----a-w-	c:\windows\system32\smss.exe
2013-03-01 03:09 . 2013-04-10 06:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-25 22:22 . 2013-02-25 22:22	1985824	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2012-07-23 19:27	1017120	----a-w-	c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22	958120	----a-w-	c:\windows\system32\nvumdshim.dll
2013-02-25 22:22 . 2013-02-25 22:22	6262608	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2013-02-25 22:22	2505144	----a-w-	c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2013-02-25 22:22	12641992	----a-w-	c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-10-10 20:14	892704	----a-w-	c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2013-02-25 22:22	15129960	----a-w-	c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22	7932256	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22	201576	----a-w-	c:\windows\system32\nvinit.dll
2013-02-25 22:22 . 2013-02-25 22:22	17560352	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22	20449056	----a-w-	c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22	8939296	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22	2720544	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-22 03:46 . 2013-04-10 18:28	1800704	----a-w-	c:\windows\system32\jscript9.dll
2013-02-22 03:38 . 2013-04-10 18:28	1129472	----a-w-	c:\windows\system32\wininet.dll
2013-02-22 03:37 . 2013-04-10 18:28	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 18:28	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 18:28	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-02-22 03:31 . 2013-04-10 18:28	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-02-15 04:37 . 2013-04-10 06:08	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-02-15 04:34 . 2013-04-10 06:08	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-02-15 03:25 . 2013-04-10 06:08	36864	----a-w-	c:\windows\system32\tsgqec.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\figur\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\figur\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\figur\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-04 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^figur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\figur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^figur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\figur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^figur^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\figur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09	446392	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 14:26	1073312	----a-w-	c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-12-13 07:39	281768	----a-w-	e:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]
2009-10-15 13:06	375000	----a-w-	c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	e:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-10 13:21	136176	----atw-	c:\users\figur\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-01 13:28	119608	----a-w-	e:\program files\ICQ\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-04-20 16:20	2327552	----a-w-	e:\program files\VMC\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-02-19 09:53	162856	----a-w-	e:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	e:\program files\quicktime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-07-28 10:23	9398888	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-05-04 14:17	4573184	----a-w-	c:\users\figur\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-05-04 14:17	1105408	----a-w-	c:\users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12	253672	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37	517096	----a-w-	c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Surf Wireless Micro USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;e:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;e:\teamviewer\Version7\TeamViewer_Service.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;e:\program files\VMC\Bin\VMCService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 05726215
*Deregistered* - 05726215
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:35]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 20:44]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 20:44]
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job
- c:\users\figur\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:21]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job
- c:\users\figur\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 13:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://facebook.de/
mStart Page = hxxp://www.de.maxiwe.com
IE: Free YouTube to MP3 Converter - c:\users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - e:\program files\ICQ\ICQ7.4\ICQ.exe
LSP: bmnet.dll
Trusted Zone: drei.to\games
Trusted Zone: x7.to
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\figur\AppData\Roaming\Mozilla\Firefox\Profiles\qex9jmqo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - cec97a9100000000000000ff520fff5b
FF - user.js: extensions.Softonic.instlDay - 15627
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.414:50
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Acrobat Assistant 8 - e:\program files\PS6\Acrobat 10.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - e:\program files\PS6\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-Adobe Reader Speed Launcher - e:\program files\Adobe\Reader\Reader_sl.exe
MSConfigStartUp-GAINWARD - e:\program files\EXPERTool\TBPanel.exe
MSConfigStartUp-LWS - e:\program files\webcam\LWS\Webcam Software\LWS.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã* ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ã* \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*Ã* ]
"0"=hex:61,00,6e,00,64,00,65,00,72,00,65,00,73,00,20,00,69,00,77,00,69,00,20,
   00,6f,00,2e,00,c3,00,1d,20,00,00,8e,00,36,00,00,00,00,00,00,00,00,00,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2013-05-13  15:24:09
ComboFix-quarantined-files.txt  2013-05-13 13:24
.
Vor Suchlauf: 9 Verzeichnis(se), 23.451.774.976 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 23.341.543.424 Bytes frei
.
- - End Of File - - 2DEDD469EF0804A148B67EF8EF104CFE
         

Alt 13.05.2013, 14:45   #8
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.05.2013, 16:48   #9
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Hat etwas gedauert, ganz schön gearbeitet.

Vielen Dank für die schnelle Hilfe!!!

Konnte man denn erkennen, woher der Mist kam?

Hier der Logfile.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.13.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
figur :: FIGUR-PC [Administrator]

13.05.2013 15:45:40
mbam-log-2013-05-13 (15-45-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 484726
Laufzeit: 1 Stunde(n), 15 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
G:\_OTL\MovedFiles.zip (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\_OTL\MovedFiles\05132013_143400\C_Users\figur\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 13.05.2013, 17:03   #10
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



sicherheitslücken warscheinlich.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.05.2013, 17:48   #11
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Ganz schönes Chaos, aber okay.
Code:
ATTFilter
7-Zip 9.20		24.12.2011		nötig
Adobe AIR	Adobe Systems Incorporated	13.12.2012		3.1.0.4880	nötig
Adobe Creative Suite 6 Master Collection	Adobe Systems Incorporated	29.04.2013	2,65GB	6	nötig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	11.04.2013	6,00MB	11.7.700.169	nötig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.03.2013	6,00MB	11.6.602.180	nötig
Adobe Help Manager	Adobe Systems Incorporated	13.12.2012		4.0.244	nötig
Adobe Media Player	Adobe Systems Incorporated	16.10.2011		1.1	nötig
Adobe Reader X (10.1.6) - Deutsch	Adobe Systems Incorporated	24.02.2013	123MB	10.1.6	nötig
Adobe Widget Browser	Adobe Systems Incorporated.	13.12.2012		2.0 Build 348	nötig
Apple Application Support	Apple Inc.	13.12.2012	65,0MB	2.3	nötig
Apple Software Update	Apple Inc.	14.10.2012	2,38MB	2.1.3.127	nötig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	30.10.2012	76,8MB	10.2.0.719	nötig
Browser Configuration Utility	DeviceVM Inc.	12.02.2011	2,83MB	1.1.18.0	nötig
CCleaner	Piriform	23.04.2013		4.01	unbekannt
Designer 2.0	Fomanu AG	17.10.2011		7.9.0	unbekannt
Diablo III	Blizzard Entertainment	08.05.2013		1.0.8.16416	nötig
Dropbox	Dropbox, Inc.	04.04.2013		1.6.18	nötig
EasySaver B9.1214.1	Gigabyte	12.02.2011		1.00.0000	unbekannt
Empire Earth Ultimate Edition	The Games Company	20.04.2011	7,13GB	1.0	nötig
Google Chrome	Google Inc.	16.03.2012		26.0.1410.64	nötig
Google Earth Plug-in	Google	25.03.2013	80,7MB	7.0.3.8542	nötig
Google Toolbar for Internet Explorer	Google Inc.	16.12.2012		7.4.3607.2246	unnötig
Grand Theft Auto San Andreas	Rockstar Games	04.04.2013		1.00.00001	nötig
ICQ7.4	ICQ	11.07.2011		7.4	unnötig
Inkscape 0.48.4		16.01.2013		0.48.4	nötig
Java(TM) 6 Update 25	Oracle	15.05.2011	94,7MB	6.0.250	nötig
Luminance HDR 2.3.0	Luminance HDR Dev Team	04.01.2013	61,5MB	nötig
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	13.05.2013	19,2MB	1.75.0.1300	nötig
Microsoft .NET Framework 1.1	Microsoft	14.04.2013	34,8MB	1.1.4322	nötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	20.02.2011	38,8MB	4.0.30319	nötig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	20.02.2011	2,93MB	4.0.30319	nötig
Microsoft Office Enterprise 2007	Microsoft Corporation	28.03.2012		12.0.6612.1000	nötig
Microsoft Office File Validation Add-In	Microsoft Corporation	12.03.2012	7,95MB	14.0.5130.5003	nötig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.02.2013	508KB	2.0.4024.1	nötig
Microsoft Office Outlook Connector	Microsoft Corporation	11.07.2011	3,36MB	14.0.5118.5000	nötig
Microsoft Silverlight	Microsoft Corporation	14.03.2013	122MB	5.1.20125.0	nötig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	11.07.2011	1,69MB	3.1.0000	nötig	
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.07.2011	300KB	8.0.59193	nötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	03.04.2011	240KB	9.0.30729	nötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	12.02.2011	596KB	9.0.30729.4148	nötig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	12.07.2011	600KB	9.0.30729.6161	nötig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	28.12.2011	15,0MB	10.0.40219	nötig
Mozilla Firefox (3.6.15)	Mozilla	05.03.2011		3.6.15 (de)	nötig
Mozilla Firefox 6.0.2 (x86 de)	Mozilla	08.09.2011	35,0MB	6.0.2	nötig
NVIDIA 3D Vision Controller-Treiber 301.42	NVIDIA Corporation	23.07.2012		301.42	nötig
NVIDIA 3D Vision Treiber 311.06	NVIDIA Corporation	14.04.2013		311.06	nötig
NVIDIA Grafiktreiber 311.06	NVIDIA Corporation	14.04.2013		311.06	nötig
NVIDIA HD-Audiotreiber 1.3.16.0	NVIDIA Corporation	23.07.2012		1.3.16.0	nötig
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	23.07.2012		9.12.0213	nötig
NVIDIA Update 1.11.3	NVIDIA Corporation	14.04.2013		1.11.3	nötig
ON_OFF Charge B10.0427.1	GIGABYTE	12.02.2011		1.00.0001	unbekannt
PDF24 Creator 5.3.0	PDF24.org	17.03.2013	41,4MB	nötig
PDFtk Server	PDF Labs	29.01.2013	7,15MB	1.45.1	nötig
QuickTime	Apple Inc.	13.12.2012	73,1MB	7.73.80.64	nötig
Realtek Ethernet Controller Driver For Windows 7	Realtek	12.02.2011		7.18.322.2010	nötig
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	12.02.2011		6.0.1.6167	nötig
San Andreas Mod Installer	cpmusick	14.04.2013		1.1	unnötig
Spotify	Spotify AB	04.05.2013		0.9.0.133.gd18ed589	nötig
TeamSpeak 3 Client	TeamSpeak Systems GmbH	22.11.2012		3.0.9.2	nötig
TeamViewer 7	TeamViewer	23.07.2012		7.0.13989	nötig
Unreal Tournament		12.02.2011	nötig		
Vectorworks 2012 Hilfe	UNKNOWN	20.02.2012		1.0	nötig
VLC media player 1.0.3	VideoLAN Team	12.02.2011		1.0.3	nötig
Vodafone Mobile Connect	Vodafone	28.02.2011	89,3MB	9.4.2.14731	unnötig
Windows Live Essentials	Microsoft Corporation	11.07.2011		15.4.3538.0513	nötig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	11.07.2011	5,57MB	15.4.5722.2	nötig
WinRAR		12.02.2011	nötig
XIII		04.04.2013		1.00.000	nötig
ZTE Handset USB Driver 5.2066.1.8B02	ZTE Corporation	10.07.2011	8,01MB	5.2066.1.8B02	unnötig
         

Alt 13.05.2013, 18:01   #12
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Google Toolbar
ICQ7.4
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
San Andreas

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.05.2013, 17:15   #13
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Hey,
war nicht in Rechnernähe. Als ich ihn heute starten wollte trat das gleiche Problem wie zu Anfang auf. Nur, dass ich diesmal nicht in den Abgesicherten Modus mit Eingabeaufforderung kam - hat sich beim Laden der Daten aufgehängt und eingefroren. Nach einer Weile hat er sich neu gestartet - selbe Problem.
Konnte also diesmal nichtmal mit OTL ein Bericht erstellen.
Gibt es noch irgendeine Möglichkeit, die Daten zu sichern? Oder hilft nur PC platt machen? Und kann man irgendwie an die Daten kommen, ohne da die Viren oder so mitzuziehen?

Vielen Dank schon und nochmal.

Okay, berichtige - nach einigen Versuchen konnte ich OTL durchlaufen lassen und Scannen. Hier die Logfiles dazu.
Hoffe, es kommt nochmal so schnell gute Hilfe. Diesmal werde ich gleich eine Datensicherung einrichten und den PC aufräumen.
Code:
ATTFilter
OTL Extras logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\PS CS 6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe" = E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C1869-451E-40AE-A41A-A21E72ED6F3A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{01B8ABAC-1D90-46A3-A55B-AA42E6E8B117}" = rport=138 | protocol=17 | dir=out | app=system | 
"{01B90067-134F-406B-A57B-69F713CF03C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BC26644-28AE-4FC7-A9BE-392A1FB055F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{111682D2-AD4D-4BE0-8D3D-E15DCAA685D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1BC72A23-A3BF-48D4-8F1A-005347C4EC71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3F901FC0-92B8-449C-9D00-796744D2AC18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{429B0F19-5A3E-42B4-8B34-D17A05E68740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{615507E0-A915-45F1-9890-E546C26A209D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{63A28F5F-BFB3-4357-99CC-995434CB79D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{658EDBB1-A304-4021-ABE8-6E50B489EEC5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C00E6A0-F056-40FC-9D20-7E438743FAF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75D64749-451D-4ECD-B074-71AF7652F7EF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7C72D6AB-455C-4EFC-A00E-45555AD3787F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7CC325AD-68A2-4012-AE38-DB18543AEB2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9861FB8D-7B0F-4A87-BA6D-267F710101A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A3EBFCCE-079B-4957-B907-6E9886E6FC50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC93D640-45AC-46A2-9C7A-B6623436BEE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B70EE68F-D0BD-45D1-96FB-AC0CFA1EE368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D46EB686-C5BB-4329-9447-471752DC5782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D601692B-1CD7-4C8B-BFA0-14B75CD05366}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{D992DAFB-B762-4729-B88A-7797839FF2C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E38F9C35-F1F8-4064-A6F8-7F86E1B560F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA208381-5C67-4DC4-8B5D-CE824117F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8738809-12F6-45EF-A681-3C31C67DD852}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085B955-56BA-473F-8ED5-A69D8C843E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{02CB7ABC-7A24-4D49-94B8-22E1A1ABB12C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{03A0CE32-38BD-4B08-824E-1F267BB0D92F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{04BA9FAB-3C2B-47C2-8359-427278186989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0559B808-F3D7-4353-AB37-94C4739E7EC0}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{05A13A72-1A66-4971-ADBF-64A144EAB17D}" = protocol=6 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{09A517CD-0FAE-4BFA-9D9D-34CD5F001A47}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{0CC90E07-0D62-467C-BF16-9F654E28F1FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1952F11E-F340-4391-BA41-CDE0BCC9FA73}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{1CCCD02B-4812-4A08-B2D2-091E852BF90C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1CD282C3-6482-4D26-A57D-C39721714315}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{242FEC2E-D375-4A9F-A44D-52D1AD0234DF}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{2AAB60E1-5449-4235-AF33-804975A234D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2BC6B7EE-509B-434C-946A-6AB38F96E8A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EC6259B-8A5D-4C27-AEF0-BCE5D349D45F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3198636D-011F-47E0-A9F6-E6FA016F22B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{38599AE1-76C5-45FE-A585-6100C76A3573}" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{391D0643-7576-44AA-A0DF-3AB0744B668C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C979D3C-C62C-41AB-9987-97902D843F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CDB117C-BEA0-4959-AFB3-765FD31584D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3EDFFEC1-2B71-46AA-A3F7-C391976538E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{3F6E5F4D-5EF3-4031-AEA9-8EFC03916942}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{47065E43-46D8-45FF-9090-3FDFDE7E67E1}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{4E8D4E6B-4A70-4CDE-9B05-88E828451466}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{557ACC55-17E2-49D8-A67D-135D45A6B0D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{5AE17198-72C0-49B3-BDD9-38D2EE0E7967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AE45DB6-1B63-4352-86A6-AF522EBDEB53}" = protocol=6 | dir=out | app=system | 
"{5B937E7C-ACC8-469F-83AF-4C8A96C3D646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5BE830D5-7C5A-430A-A23C-A7440478D95B}" = protocol=17 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{60E4AD5E-9905-45F7-AE3C-8B06CAAF9D2C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{61DF8C14-1C34-4290-AC65-06F1A5CCF267}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{61FF37CE-5A62-441E-9C82-24F38BBA2090}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{75F8B34C-9AE8-4B3D-85DB-3491709E6797}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BAA0695-CBBA-4E18-95D9-2E7277A72F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{7F4CDBDE-6F13-43EB-ACA6-AD0B235273C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88C722A1-887E-479E-AB09-3A272FA3497D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8F1848E2-E74B-495B-86C3-44696EB70E39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{90AB74DD-BC6F-44F1-8E8B-0266D185BEFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{95EA19CF-7959-44D7-8E79-EFA81EF85AA2}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{997F5F9B-A978-4146-A110-DE7FC3A722DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A94BF7FC-6DBD-4751-AFCC-74E5DB61303D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AA1EFE17-8CAD-4420-B6E6-40712704E40F}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{ADB109C7-3215-4520-9B7D-6AA2CF189466}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{B7E4D3CB-855B-4266-8CF5-C719A5308B1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B9F64E1F-B269-4FE3-91DE-C4A305556699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA651E00-E545-4DEB-9B36-374004B1A6F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BBB93082-7A5F-41DC-8CCF-A29616BBD961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8657679-17B5-474F-A6A1-7EE6A5DAE3E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA94BBAD-5976-4DEB-B7A7-E79D40FB3490}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{CAB5B3A0-63F3-4957-A442-AB30C83E99FD}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{CDCEC5DE-AE59-495E-A102-E23BCC584025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5E8A7E2-4904-4802-9CC2-CA7130CAF273}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{D8D5D0D6-569C-48EC-9185-0D5C35FF7643}" = protocol=6 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{DC98AD21-6768-4D43-A30D-1AC341F6BA92}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{E60BF77C-2C8B-4595-9486-6936C8D1238B}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{E78488E7-F530-44E7-8B07-D94078721E8C}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{E838FFD5-BB14-45CF-B07A-10E290B2ABFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{EAD008FD-DDE5-4957-B3DA-CC45520D7F9C}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{F00B81A9-BBCF-49F9-82BF-1F0F2473FA79}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{F285A74F-6849-402A-AED4-A81904F62214}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F343FCFF-97A3-41E6-A360-BEA385F56AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{F66E7FC1-9C54-4A8F-9DED-7E131287C44B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{FA9D840E-9563-4507-88F0-8E4D60484484}" = protocol=17 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{FC4EF06F-2D22-47CA-8328-B2AAB700B5D5}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{FD12A3F3-D574-4F16-9567-50578286410A}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{FDD8C4FD-C1F3-4F53-A91D-8D551AC68C1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{FE7F56E1-103E-4FEB-BC1E-6015ABBF4CB4}" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FFB08827-23CE-4FFF-8B5F-1B4DAAF1B21E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{0014723A-37A7-4C3F-A378-53C41E4CE426}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{0D27742F-5257-43C8-84EA-9E231B7DCE7B}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"TCP Query User{0F3135FD-083F-4404-B6E2-69293123C8F2}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{134391CC-2031-4295-AC94-FFE0E02E4318}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{16D03AAE-DCDD-4174-BBEA-CC40722A5C37}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{1C32063D-52A0-4031-AC61-7B4139B83A2D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1F31CC17-6C9F-45DA-A643-E52FCF7ABC55}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{292CF821-DD17-4218-89C3-5207B01E550A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{2E14E686-E9F9-4B6A-8FD4-3C506F8B9EC3}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"TCP Query User{39DF4CF3-A5FC-4EEC-A7C4-1762C4EBB1FF}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4BE721BA-D3A4-4D8D-B69E-2A7B6747D221}E:\spiele\dow\w40kwa.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"TCP Query User{503EE2B4-27D0-47B6-AB6E-9A0483594BD8}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{5EB5CE72-82D0-47C3-9679-4FE154E69268}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{5FBFDC7D-4FD2-4134-BBB4-673685DCCF92}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{69CC34AE-A050-47F0-A138-8B6038D74588}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6AFAB6D0-E2FC-48BA-83F7-05EAE55483DB}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{7385314B-85D2-42D0-8B7F-F620D9FF4F43}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{74C4E019-86D6-4FD1-871A-B7B60F9A3CF2}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{79ED69AB-42AA-4B60-8B66-272845B68CBE}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{7D68FC6B-FABC-4781-A95C-487A550F6027}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"TCP Query User{8976449F-3BA8-4C1C-B1D8-318B0AFA9A1F}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{8C5F385C-E7F8-47DA-A08C-1BDDC269EA47}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{9935F3CE-57DD-495D-B697-94BFB55504C0}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"TCP Query User{AB3DBF77-F304-466C-8ADD-D21B3C8E353E}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{C0428AC3-6D0C-4A44-9CD0-2C9D383B076F}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{C46CC9E1-FC62-42E1-8BE1-BCA9FD9EC549}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{C49EAA02-60FF-4AD1-905C-9672FF9FA560}E:\program files\icq\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"TCP Query User{C5BE331E-0D81-4649-AA58-6B592113830F}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"TCP Query User{CACABA95-CCA6-4AE6-94FD-812FFD8EBDB7}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{D17DD753-F69F-4869-8DFA-C4A93FCA0743}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"TCP Query User{D2B9AE61-7D39-4100-B18D-020070661285}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D2F8CD6E-DF6C-4517-AD88-C116E9D7997B}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{DCC6B09F-61CB-4CCC-86BE-4B7E28A49B01}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{DD8180FA-9C4E-44EA-A3DD-0191BE8D0267}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{E690B277-EA1C-4F70-82D3-91A8D83D7973}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F5C6E122-A674-4006-A3B2-62A824CF1CCE}E:\spiele\dow\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40k.exe | 
"TCP Query User{F5F4B250-D476-4AC7-816C-D3CCF1136CB6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{F780D198-5A14-42E4-9A7A-EFD0B98D85A3}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{0D019EB6-AF10-4B7A-AB56-40E018F47336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{14436E6F-4B9C-4229-AB99-01A04281056F}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{2D20C224-3A2C-42AF-876A-3E4A76F76D60}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{36F4E5EB-30CF-4DC8-83A3-ECEC86F73298}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"UDP Query User{37DA6E4E-58ED-4CE0-9232-2B4963A5D371}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{47004818-6737-40C7-AF7E-0662A54BE024}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{4BF90717-43F7-44F7-A401-CB19EAB0815F}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{4DCD9E04-70EF-465E-92B2-E2DBA9D481C1}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"UDP Query User{5CD2B3DA-0E1D-4139-A961-05F918CABF2C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5CE010C9-65B6-4BC3-B424-2C7AC30DF5E4}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{64D9B77E-D7A6-4CE3-B8E3-DBB1893C701E}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{67363C7F-7A2D-4E1D-A0AB-37436FB3351F}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{708C39C5-CEB3-40A9-A5EF-74C2F62BE340}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{77E6FEB7-9173-49BF-B73E-939E5056281C}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{7AD0CBA2-1BFD-47A6-8960-730FCC6D7D05}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{7D8AE906-6B1D-4B2A-9E4D-E0C91134E508}E:\spiele\dow\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40k.exe | 
"UDP Query User{8025A820-7070-4EEA-9FB0-2FB28D7A83EB}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{813FDE57-BD86-4228-8C14-86344241A1D6}E:\program files\icq\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"UDP Query User{883C0B46-D51D-41ED-B29E-FE32BC5B308D}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"UDP Query User{88E88493-832B-40CB-AC8B-C7F46266FD0A}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{8C104BB1-F90A-4731-ACA3-60025526958C}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{8CAFE158-FD02-48CF-B113-D64BFE3380D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{95B58C57-C7E0-40A4-BB24-3114F5184899}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"UDP Query User{9B8EA6B9-35B0-4D4E-AB07-14FA7E4DEE07}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9F80FEA1-FAE2-4346-B9CA-7142DDCA07A5}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"UDP Query User{A50931E4-3059-4BC5-8981-579472C7746B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{A9E42F6A-83D6-48EA-926B-5083DF519523}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{B82FB9C6-CC21-497A-80D7-716453542BEC}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{B960B09B-C792-4245-9FFA-CBA497D472CA}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{BED86359-2871-4DE6-8094-ADE9C99EEAB7}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C21CF168-1D81-4C42-9372-1A6050867737}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D03CBDA1-E7EA-4F78-9011-679CE91F7FEA}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{D662E869-6165-4515-A6C0-A5811427FCE4}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{D899DA01-7A3F-4D1E-88CA-7D23E8CEA58F}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{DF520C42-CF22-48AC-927B-A4F4F68EEEB5}E:\spiele\dow\w40kwa.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"UDP Query User{E6D57D9E-193A-49B3-A137-59746A9C660A}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"UDP Query User{EEAA92B9-51AA-4A79-8B6E-D5908079E2A6}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{F85A4312-DEFF-42F0-BDF9-9A4DC49E76DF}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E25A554-0153-45A7-B342-49003A36367C}" = PDFtk Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"Inkscape" = Inkscape 0.48.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"TeamViewer 7" = TeamViewer 7
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2012 12:31:13 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:19 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:21 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 29.11.2012 12:42:37 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 5.1.0.16309 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 140    Startzeit: 
01cdce38ba4415d4    Endzeit: 0    Anwendungspfad: E:\Spiele\World of Warcraft\Wow.exe    Berichts-ID:
   
 
Error - 07.12.2012 08:26:12 | Computer Name = figur-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Program
 Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.   [ACCESS_VIOLATION
 Exception!! EIP = 0x1e57462]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 12.12.2012 20:14:07 | Computer Name = figur-PC | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 16.01.2013 08:10:24 | Computer Name = figur-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: inkscape.exe, Version: 0.48.4.0, 
Zeitstempel: 0x50cf79ae  Name des fehlerhaften Moduls: inkscape.exe, Version: 0.48.4.0,
 Zeitstempel: 0x50cf79ae  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00796b3a  ID des fehlerhaften
 Prozesses: 0x1048  Startzeit der fehlerhaften Anwendung: 0x01cdf3e1279e46ea  Pfad der
 fehlerhaften Anwendung: E:\Program Files\Inkscape\inkscape.exe  Pfad des fehlerhaften
 Moduls: E:\Program Files\Inkscape\inkscape.exe  Berichtskennung: b432eed6-5fd5-11e2-8f0e-1c6f658620a9
 
Error - 30.01.2013 05:25:41 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e94    Startzeit: 01cdfecbaf241a15    Endzeit: 40    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 10.02.2013 09:33:34 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 18.02.2013 13:34:31 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
[ Media Center Events ]
Error - 04.09.2011 06:23:26 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:26 - Fehler beim Herstellen der Internetverbindung.  12:23:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.09.2011 06:23:38 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:32 - Fehler beim Herstellen der Internetverbindung.  12:23:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:52:57 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung.  15:52:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:53:07 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:53:02 - Fehler beim Herstellen der Internetverbindung.  15:53:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:18:58 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:18:58 - Fehler beim Herstellen der Internetverbindung.  08:18:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:19:08 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:19:03 - Fehler beim Herstellen der Internetverbindung.  08:19:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:15 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:15 - Fehler beim Herstellen der Internetverbindung.  18:57:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:25 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung.  18:57:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:19 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:19 - Fehler beim Herstellen der Internetverbindung.  12:45:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:36 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:25 - Fehler beim Herstellen der Internetverbindung.  12:45:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.05.2013 12:33:55 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:57 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AppleCharger  avipbb  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  sptd  ssmdrv
tcpipBM
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
 
Error - 16.05.2013 12:44:01 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
 "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 13:33:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.16 11:55:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- E:\teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.03 19:05:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 11:44:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- E:\Program Files\VMC\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\figur\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.02 12:23:05 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.07.06 04:22:55 | 000,648,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2011.07.03 19:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 19:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.07 11:21:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011.03.07 11:21:28 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011.03.07 11:20:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011.03.07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011.02.12 17:39:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.12 17:39:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.12 16:17:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.de.maxiwe.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DD D2 D4 53 D0 CB 01  [binary data]
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes,DefaultScope = {D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{C89A4C31-E138-41b2-A7C7-7A30DB2C13CD}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: E:\Program Files\VMC\Optimization Client\addon\ [2011.02.28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
 
[2011.03.05 21:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Extensions
[2012.11.04 14:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions
[2012.08.02 16:42:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.14 13:31:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 14:50:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\ffxtlbra@softonic.com
[2012.11.04 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\staged
[2012.11.04 14:29:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-1.xml
[2011.10.05 21:25:09 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-10.xml
[2011.11.13 15:22:11 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-11.xml
[2012.03.30 12:33:44 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-12.xml
[2011.06.11 15:14:33 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-2.xml
[2011.07.11 02:20:18 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-3.xml
[2011.08.15 16:57:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-4.xml
[2011.08.22 16:58:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-5.xml
[2011.09.01 21:10:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-6.xml
[2011.09.05 18:46:26 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-7.xml
[2011.09.08 23:24:58 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-8.xml
[2011.09.09 20:00:38 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = E:\Program Files\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = E:\Program Files\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.13 15:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [Spotify Web Helper] C:\Users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: drei.to ([games] https in Trusted sites)
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: x7.to ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A48842B-B5EF-4C72-95D0-6B6A8D3E40CC}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9927F8A-4FBE-4E06-802A-9286DB433134}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 15:35:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 15:35:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.15 15:35:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 15:35:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 15:35:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 15:35:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.15 15:35:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 15:33:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 14:41:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 14:41:49 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 14:41:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 14:41:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 14:41:42 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.13 18:33:04 | 004,346,816 | ---- | C] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:44:53 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Roaming\Malwarebytes
[2013.05.13 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 15:44:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.13 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.13 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\Programs
[2013.05.13 15:43:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\temp
[2013.05.13 15:23:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.13 15:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 15:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 15:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 15:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 15:19:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.13 15:16:56 | 005,069,265 | R--- | C] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:00:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 16:31:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Männertag 2013
[2013.05.10 11:47:45 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Mt13
[2013.04.29 23:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013.04.29 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013.04.18 16:23:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\DSK Praktikum
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.27 20:03:52 | 003,449,138 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2014.01.27 19:37:50 | 002,089,078 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.16 18:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 18:33:45 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 18:05:51 | 000,003,360 | ---- | M] () -- C:\bootsqm.dat
[2013.05.16 17:49:01 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 17:07:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job
[2013.05.16 16:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 16:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:29:19 | 000,664,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 16:29:19 | 000,624,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 16:29:19 | 000,134,932 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 16:29:19 | 000,110,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 16:26:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.16 12:46:10 | 002,729,109 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:51 | 000,114,522 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.16 11:55:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 11:55:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.16 10:05:56 | 003,917,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 14:40:15 | 000,000,266 | ---- | M] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:39:52 | 000,212,414 | ---- | M] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:07 | 000,125,337 | ---- | M] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 18:33:04 | 004,346,816 | ---- | M] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:51:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:44:26 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.13 15:24:42 | 005,069,265 | R--- | M] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:23:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.13 15:08:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 21:36:39 | 000,054,108 | ---- | M] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 20:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job
[2013.05.12 16:26:14 | 002,216,474 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:22 | 002,409,417 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:17:12 | 001,477,360 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | M] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.10 12:03:56 | 000,005,253 | ---- | M] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.16 18:05:51 | 000,003,360 | ---- | C] () -- C:\bootsqm.dat
[2013.05.16 17:48:37 | 000,000,004 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 12:46:09 | 002,729,109 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:50 | 000,114,522 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.15 14:40:15 | 000,000,266 | ---- | C] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:27:36 | 000,212,414 | ---- | C] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:17 | 000,125,337 | ---- | C] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 15:44:26 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.13 15:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 15:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 15:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 15:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 15:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.12 21:36:47 | 000,054,108 | ---- | C] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 16:34:07 | 002,089,078 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.12 16:31:52 | 003,449,138 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2013.05.12 16:26:14 | 002,216,474 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:08 | 002,409,417 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:12:17 | 001,477,360 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | C] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.08 09:30:33 | 000,005,253 | ---- | C] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.04 22:31:38 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2013.04.04 22:31:38 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2013.03.11 18:04:26 | 000,000,218 | ---- | C] () -- C:\Users\figur\AppData\Local\recently-used.xbel
[2012.07.23 21:28:01 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.11 17:08:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.11 16:04:00 | 000,098,304 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.dat
[2012.02.20 15:45:02 | 000,000,287 | ---- | C] () -- C:\Users\figur\AppData\Local\VersionChecker_17.xml
[2012.02.16 20:04:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.09.29 22:14:13 | 000,003,584 | ---- | C] () -- C:\Users\figur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.10 21:23:14 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2011.07.10 21:23:14 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011.06.11 00:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.11 00:36:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Alt 16.05.2013, 17:53   #14
pn20
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



Okay, berichtige - nach einigen Versuchen konnte ich OTL durchlaufen lassen und Scannen. Hier die Logfiles dazu.
Hoffe, es kommt nochmal so schnell gute Hilfe. Diesmal werde ich gleich eine Datensicherung einrichten und den PC aufräumen.
Code:
ATTFilter
OTL Extras logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\PS CS 6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe" = E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C1869-451E-40AE-A41A-A21E72ED6F3A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{01B8ABAC-1D90-46A3-A55B-AA42E6E8B117}" = rport=138 | protocol=17 | dir=out | app=system | 
"{01B90067-134F-406B-A57B-69F713CF03C7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0BC26644-28AE-4FC7-A9BE-392A1FB055F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{111682D2-AD4D-4BE0-8D3D-E15DCAA685D1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1BC72A23-A3BF-48D4-8F1A-005347C4EC71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3F901FC0-92B8-449C-9D00-796744D2AC18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{429B0F19-5A3E-42B4-8B34-D17A05E68740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{615507E0-A915-45F1-9890-E546C26A209D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{63A28F5F-BFB3-4357-99CC-995434CB79D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{658EDBB1-A304-4021-ABE8-6E50B489EEC5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C00E6A0-F056-40FC-9D20-7E438743FAF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75D64749-451D-4ECD-B074-71AF7652F7EF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7C72D6AB-455C-4EFC-A00E-45555AD3787F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{7CC325AD-68A2-4012-AE38-DB18543AEB2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9861FB8D-7B0F-4A87-BA6D-267F710101A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{A3EBFCCE-079B-4957-B907-6E9886E6FC50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC93D640-45AC-46A2-9C7A-B6623436BEE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B70EE68F-D0BD-45D1-96FB-AC0CFA1EE368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D46EB686-C5BB-4329-9447-471752DC5782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D601692B-1CD7-4C8B-BFA0-14B75CD05366}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{D992DAFB-B762-4729-B88A-7797839FF2C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E38F9C35-F1F8-4064-A6F8-7F86E1B560F0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EA208381-5C67-4DC4-8B5D-CE824117F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8738809-12F6-45EF-A681-3C31C67DD852}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085B955-56BA-473F-8ED5-A69D8C843E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{02CB7ABC-7A24-4D49-94B8-22E1A1ABB12C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{03A0CE32-38BD-4B08-824E-1F267BB0D92F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{04BA9FAB-3C2B-47C2-8359-427278186989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0559B808-F3D7-4353-AB37-94C4739E7EC0}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{05A13A72-1A66-4971-ADBF-64A144EAB17D}" = protocol=6 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{09A517CD-0FAE-4BFA-9D9D-34CD5F001A47}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{0CC90E07-0D62-467C-BF16-9F654E28F1FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1952F11E-F340-4391-BA41-CDE0BCC9FA73}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{1CCCD02B-4812-4A08-B2D2-091E852BF90C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1CD282C3-6482-4D26-A57D-C39721714315}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{242FEC2E-D375-4A9F-A44D-52D1AD0234DF}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe | 
"{2AAB60E1-5449-4235-AF33-804975A234D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2BC6B7EE-509B-434C-946A-6AB38F96E8A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2EC6259B-8A5D-4C27-AEF0-BCE5D349D45F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3198636D-011F-47E0-A9F6-E6FA016F22B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{38599AE1-76C5-45FE-A585-6100C76A3573}" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{391D0643-7576-44AA-A0DF-3AB0744B668C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C979D3C-C62C-41AB-9987-97902D843F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CDB117C-BEA0-4959-AFB3-765FD31584D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{3EDFFEC1-2B71-46AA-A3F7-C391976538E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{3F6E5F4D-5EF3-4031-AEA9-8EFC03916942}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"{47065E43-46D8-45FF-9090-3FDFDE7E67E1}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{4E8D4E6B-4A70-4CDE-9B05-88E828451466}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer.exe | 
"{557ACC55-17E2-49D8-A67D-135D45A6B0D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{5AE17198-72C0-49B3-BDD9-38D2EE0E7967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5AE45DB6-1B63-4352-86A6-AF522EBDEB53}" = protocol=6 | dir=out | app=system | 
"{5B937E7C-ACC8-469F-83AF-4C8A96C3D646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5BE830D5-7C5A-430A-A23C-A7440478D95B}" = protocol=17 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{60E4AD5E-9905-45F7-AE3C-8B06CAAF9D2C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{61DF8C14-1C34-4290-AC65-06F1A5CCF267}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{61FF37CE-5A62-441E-9C82-24F38BBA2090}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe | 
"{75F8B34C-9AE8-4B3D-85DB-3491709E6797}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BAA0695-CBBA-4E18-95D9-2E7277A72F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{7F4CDBDE-6F13-43EB-ACA6-AD0B235273C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88C722A1-887E-479E-AB09-3A272FA3497D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8F1848E2-E74B-495B-86C3-44696EB70E39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{90AB74DD-BC6F-44F1-8E8B-0266D185BEFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{95EA19CF-7959-44D7-8E79-EFA81EF85AA2}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{997F5F9B-A978-4146-A110-DE7FC3A722DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A94BF7FC-6DBD-4751-AFCC-74E5DB61303D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AA1EFE17-8CAD-4420-B6E6-40712704E40F}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{ADB109C7-3215-4520-9B7D-6AA2CF189466}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{B7E4D3CB-855B-4266-8CF5-C719A5308B1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B9F64E1F-B269-4FE3-91DE-C4A305556699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA651E00-E545-4DEB-9B36-374004B1A6F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BBB93082-7A5F-41DC-8CCF-A29616BBD961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8657679-17B5-474F-A6A1-7EE6A5DAE3E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA94BBAD-5976-4DEB-B7A7-E79D40FB3490}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{CAB5B3A0-63F3-4957-A442-AB30C83E99FD}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{CDCEC5DE-AE59-495E-A102-E23BCC584025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5E8A7E2-4904-4802-9CC2-CA7130CAF273}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{D8D5D0D6-569C-48EC-9185-0D5C35FF7643}" = protocol=6 | dir=in | app=e:\spiele\skyrim\steam.exe | 
"{DC98AD21-6768-4D43-A30D-1AC341F6BA92}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{E60BF77C-2C8B-4595-9486-6936C8D1238B}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe | 
"{E78488E7-F530-44E7-8B07-D94078721E8C}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe | 
"{E838FFD5-BB14-45CF-B07A-10E290B2ABFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{EAD008FD-DDE5-4957-B3DA-CC45520D7F9C}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe | 
"{F00B81A9-BBCF-49F9-82BF-1F0F2473FA79}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{F285A74F-6849-402A-AED4-A81904F62214}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F343FCFF-97A3-41E6-A360-BEA385F56AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{F66E7FC1-9C54-4A8F-9DED-7E131287C44B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{FA9D840E-9563-4507-88F0-8E4D60484484}" = protocol=17 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe | 
"{FC4EF06F-2D22-47CA-8328-B2AAB700B5D5}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"{FD12A3F3-D574-4F16-9567-50578286410A}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe | 
"{FDD8C4FD-C1F3-4F53-A91D-8D551AC68C1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{FE7F56E1-103E-4FEB-BC1E-6015ABBF4CB4}" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{FFB08827-23CE-4FFF-8B5F-1B4DAAF1B21E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"TCP Query User{0014723A-37A7-4C3F-A378-53C41E4CE426}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{0D27742F-5257-43C8-84EA-9E231B7DCE7B}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"TCP Query User{0F3135FD-083F-4404-B6E2-69293123C8F2}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{134391CC-2031-4295-AC94-FFE0E02E4318}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"TCP Query User{16D03AAE-DCDD-4174-BBEA-CC40722A5C37}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{1C32063D-52A0-4031-AC61-7B4139B83A2D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1F31CC17-6C9F-45DA-A643-E52FCF7ABC55}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{292CF821-DD17-4218-89C3-5207B01E550A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{2E14E686-E9F9-4B6A-8FD4-3C506F8B9EC3}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"TCP Query User{39DF4CF3-A5FC-4EEC-A7C4-1762C4EBB1FF}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{4BE721BA-D3A4-4D8D-B69E-2A7B6747D221}E:\spiele\dow\w40kwa.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"TCP Query User{503EE2B4-27D0-47B6-AB6E-9A0483594BD8}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{5EB5CE72-82D0-47C3-9679-4FE154E69268}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"TCP Query User{5FBFDC7D-4FD2-4134-BBB4-673685DCCF92}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{69CC34AE-A050-47F0-A138-8B6038D74588}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6AFAB6D0-E2FC-48BA-83F7-05EAE55483DB}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"TCP Query User{7385314B-85D2-42D0-8B7F-F620D9FF4F43}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{74C4E019-86D6-4FD1-871A-B7B60F9A3CF2}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"TCP Query User{79ED69AB-42AA-4B60-8B66-272845B68CBE}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{7D68FC6B-FABC-4781-A95C-487A550F6027}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"TCP Query User{8976449F-3BA8-4C1C-B1D8-318B0AFA9A1F}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{8C5F385C-E7F8-47DA-A08C-1BDDC269EA47}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{9935F3CE-57DD-495D-B697-94BFB55504C0}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"TCP Query User{AB3DBF77-F304-466C-8ADD-D21B3C8E353E}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"TCP Query User{C0428AC3-6D0C-4A44-9CD0-2C9D383B076F}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{C46CC9E1-FC62-42E1-8BE1-BCA9FD9EC549}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"TCP Query User{C49EAA02-60FF-4AD1-905C-9672FF9FA560}E:\program files\icq\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"TCP Query User{C5BE331E-0D81-4649-AA58-6B592113830F}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"TCP Query User{CACABA95-CCA6-4AE6-94FD-812FFD8EBDB7}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"TCP Query User{D17DD753-F69F-4869-8DFA-C4A93FCA0743}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"TCP Query User{D2B9AE61-7D39-4100-B18D-020070661285}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D2F8CD6E-DF6C-4517-AD88-C116E9D7997B}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"TCP Query User{DCC6B09F-61CB-4CCC-86BE-4B7E28A49B01}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"TCP Query User{DD8180FA-9C4E-44EA-A3DD-0191BE8D0267}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{E690B277-EA1C-4F70-82D3-91A8D83D7973}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F5C6E122-A674-4006-A3B2-62A824CF1CCE}E:\spiele\dow\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40k.exe | 
"TCP Query User{F5F4B250-D476-4AC7-816C-D3CCF1136CB6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{F780D198-5A14-42E4-9A7A-EFD0B98D85A3}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{0D019EB6-AF10-4B7A-AB56-40E018F47336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{14436E6F-4B9C-4229-AB99-01A04281056F}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{2D20C224-3A2C-42AF-876A-3E4A76F76D60}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe | 
"UDP Query User{36F4E5EB-30CF-4DC8-83A3-ECEC86F73298}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"UDP Query User{37DA6E4E-58ED-4CE0-9232-2B4963A5D371}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{47004818-6737-40C7-AF7E-0662A54BE024}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{4BF90717-43F7-44F7-A401-CB19EAB0815F}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"UDP Query User{4DCD9E04-70EF-465E-92B2-E2DBA9D481C1}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe | 
"UDP Query User{5CD2B3DA-0E1D-4139-A961-05F918CABF2C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{5CE010C9-65B6-4BC3-B424-2C7AC30DF5E4}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe | 
"UDP Query User{64D9B77E-D7A6-4CE3-B8E3-DBB1893C701E}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{67363C7F-7A2D-4E1D-A0AB-37436FB3351F}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{708C39C5-CEB3-40A9-A5EF-74C2F62BE340}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe | 
"UDP Query User{77E6FEB7-9173-49BF-B73E-939E5056281C}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{7AD0CBA2-1BFD-47A6-8960-730FCC6D7D05}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{7D8AE906-6B1D-4B2A-9E4D-E0C91134E508}E:\spiele\dow\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40k.exe | 
"UDP Query User{8025A820-7070-4EEA-9FB0-2FB28D7A83EB}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe | 
"UDP Query User{813FDE57-BD86-4228-8C14-86344241A1D6}E:\program files\icq\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe | 
"UDP Query User{883C0B46-D51D-41ED-B29E-FE32BC5B308D}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe | 
"UDP Query User{88E88493-832B-40CB-AC8B-C7F46266FD0A}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | 
"UDP Query User{8C104BB1-F90A-4731-ACA3-60025526958C}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{8CAFE158-FD02-48CF-B113-D64BFE3380D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{95B58C57-C7E0-40A4-BB24-3114F5184899}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe | 
"UDP Query User{9B8EA6B9-35B0-4D4E-AB07-14FA7E4DEE07}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{9F80FEA1-FAE2-4346-B9CA-7142DDCA07A5}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe | 
"UDP Query User{A50931E4-3059-4BC5-8981-579472C7746B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{A9E42F6A-83D6-48EA-926B-5083DF519523}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe | 
"UDP Query User{B82FB9C6-CC21-497A-80D7-716453542BEC}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe | 
"UDP Query User{B960B09B-C792-4245-9FFA-CBA497D472CA}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{BED86359-2871-4DE6-8094-ADE9C99EEAB7}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{C21CF168-1D81-4C42-9372-1A6050867737}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D03CBDA1-E7EA-4F78-9011-679CE91F7FEA}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{D662E869-6165-4515-A6C0-A5811427FCE4}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{D899DA01-7A3F-4D1E-88CA-7D23E8CEA58F}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{DF520C42-CF22-48AC-927B-A4F4F68EEEB5}E:\spiele\dow\w40kwa.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40kwa.exe | 
"UDP Query User{E6D57D9E-193A-49B3-A137-59746A9C660A}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"UDP Query User{EEAA92B9-51AA-4A79-8B6E-D5908079E2A6}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe | 
"UDP Query User{F85A4312-DEFF-42F0-BDF9-9A4DC49E76DF}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1 
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E25A554-0153-45A7-B342-49003A36367C}" = PDFtk Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"Inkscape" = Inkscape 0.48.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"TeamViewer 7" = TeamViewer 7
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.11.2012 12:31:13 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:19 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.11.2012 12:31:21 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 29.11.2012 12:42:37 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 5.1.0.16309 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 140    Startzeit: 
01cdce38ba4415d4    Endzeit: 0    Anwendungspfad: E:\Spiele\World of Warcraft\Wow.exe    Berichts-ID:
   
 
Error - 07.12.2012 08:26:12 | Computer Name = figur-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei  C:\Program
 Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.   [ACCESS_VIOLATION
 Exception!! EIP = 0x1e57462]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 12.12.2012 20:14:07 | Computer Name = figur-PC | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 16.01.2013 08:10:24 | Computer Name = figur-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: inkscape.exe, Version: 0.48.4.0, 
Zeitstempel: 0x50cf79ae  Name des fehlerhaften Moduls: inkscape.exe, Version: 0.48.4.0,
 Zeitstempel: 0x50cf79ae  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00796b3a  ID des fehlerhaften
 Prozesses: 0x1048  Startzeit der fehlerhaften Anwendung: 0x01cdf3e1279e46ea  Pfad der
 fehlerhaften Anwendung: E:\Program Files\Inkscape\inkscape.exe  Pfad des fehlerhaften
 Moduls: E:\Program Files\Inkscape\inkscape.exe  Berichtskennung: b432eed6-5fd5-11e2-8f0e-1c6f658620a9
 
Error - 30.01.2013 05:25:41 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e94    Startzeit: 01cdfecbaf241a15    Endzeit: 40    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 10.02.2013 09:33:34 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 18.02.2013 13:34:31 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
[ Media Center Events ]
Error - 04.09.2011 06:23:26 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:26 - Fehler beim Herstellen der Internetverbindung.  12:23:26 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.09.2011 06:23:38 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:32 - Fehler beim Herstellen der Internetverbindung.  12:23:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:52:57 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung.  15:52:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.09.2011 09:53:07 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:53:02 - Fehler beim Herstellen der Internetverbindung.  15:53:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:18:58 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:18:58 - Fehler beim Herstellen der Internetverbindung.  08:18:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 02:19:08 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:19:03 - Fehler beim Herstellen der Internetverbindung.  08:19:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:15 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:15 - Fehler beim Herstellen der Internetverbindung.  18:57:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.09.2011 12:57:25 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung.  18:57:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:19 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:19 - Fehler beim Herstellen der Internetverbindung.  12:45:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.09.2011 06:45:36 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:25 - Fehler beim Herstellen der Internetverbindung.  12:45:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 16.05.2013 12:33:55 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 16.05.2013 12:33:57 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AppleCharger  avipbb  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  sptd  ssmdrv
tcpipBM
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
 
Error - 16.05.2013 12:44:01 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
 "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = g:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
 
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 13:33:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.16 11:55:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- E:\teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.03 19:05:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 11:44:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- E:\Program Files\VMC\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\figur\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.02 12:23:05 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.07.06 04:22:55 | 000,648,808 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2011.07.03 19:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 19:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.07 11:21:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011.03.07 11:21:28 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011.03.07 11:20:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011.03.07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011.02.12 17:39:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.12 17:39:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.12 16:17:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.de.maxiwe.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DD D2 D4 53 D0 CB 01  [binary data]
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes,DefaultScope = {D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{C89A4C31-E138-41b2-A7C7-7A30DB2C13CD}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: E:\Program Files\VMC\Optimization Client\addon\ [2011.02.28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
 
[2011.03.05 21:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Extensions
[2012.11.04 14:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions
[2012.08.02 16:42:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.14 13:31:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 14:50:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\ffxtlbra@softonic.com
[2012.11.04 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\staged
[2012.11.04 14:29:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-1.xml
[2011.10.05 21:25:09 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-10.xml
[2011.11.13 15:22:11 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-11.xml
[2012.03.30 12:33:44 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-12.xml
[2011.06.11 15:14:33 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-2.xml
[2011.07.11 02:20:18 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-3.xml
[2011.08.15 16:57:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-4.xml
[2011.08.22 16:58:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-5.xml
[2011.09.01 21:10:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-6.xml
[2011.09.05 18:46:26 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-7.xml
[2011.09.08 23:24:58 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-8.xml
[2011.09.09 20:00:38 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = E:\Program Files\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = E:\Program Files\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.05.13 15:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [Spotify Web Helper] C:\Users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: drei.to ([games] https in Trusted sites)
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: x7.to ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A48842B-B5EF-4C72-95D0-6B6A8D3E40CC}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9927F8A-4FBE-4E06-802A-9286DB433134}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 15:35:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 15:35:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.15 15:35:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 15:35:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 15:35:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 15:35:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.15 15:35:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 15:33:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 14:41:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 14:41:49 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 14:41:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 14:41:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 14:41:42 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.13 18:33:04 | 004,346,816 | ---- | C] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:44:53 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Roaming\Malwarebytes
[2013.05.13 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 15:44:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.13 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.13 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\Programs
[2013.05.13 15:43:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\temp
[2013.05.13 15:23:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.13 15:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 15:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 15:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 15:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 15:19:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.13 15:16:56 | 005,069,265 | R--- | C] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:00:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 16:31:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Männertag 2013
[2013.05.10 11:47:45 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Mt13
[2013.04.29 23:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013.04.29 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013.04.18 16:23:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\DSK Praktikum
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.01.27 20:03:52 | 003,449,138 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2014.01.27 19:37:50 | 002,089,078 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.16 18:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 18:33:45 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 18:05:51 | 000,003,360 | ---- | M] () -- C:\bootsqm.dat
[2013.05.16 17:49:01 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 17:07:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job
[2013.05.16 16:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 16:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:29:19 | 000,664,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 16:29:19 | 000,624,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 16:29:19 | 000,134,932 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 16:29:19 | 000,110,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 16:26:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.16 12:46:10 | 002,729,109 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:51 | 000,114,522 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.16 11:55:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 11:55:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.16 10:05:56 | 003,917,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 14:40:15 | 000,000,266 | ---- | M] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:39:52 | 000,212,414 | ---- | M] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:07 | 000,125,337 | ---- | M] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 18:33:04 | 004,346,816 | ---- | M] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:51:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:44:26 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.13 15:24:42 | 005,069,265 | R--- | M] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:23:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.13 15:08:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 21:36:39 | 000,054,108 | ---- | M] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 20:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job
[2013.05.12 16:26:14 | 002,216,474 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:22 | 002,409,417 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:17:12 | 001,477,360 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | M] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.10 12:03:56 | 000,005,253 | ---- | M] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.16 18:05:51 | 000,003,360 | ---- | C] () -- C:\bootsqm.dat
[2013.05.16 17:48:37 | 000,000,004 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 12:46:09 | 002,729,109 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:50 | 000,114,522 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.15 14:40:15 | 000,000,266 | ---- | C] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:27:36 | 000,212,414 | ---- | C] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:17 | 000,125,337 | ---- | C] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 15:44:26 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.13 15:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 15:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 15:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 15:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 15:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.12 21:36:47 | 000,054,108 | ---- | C] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 16:34:07 | 002,089,078 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.12 16:31:52 | 003,449,138 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2013.05.12 16:26:14 | 002,216,474 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:08 | 002,409,417 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:12:17 | 001,477,360 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | C] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.08 09:30:33 | 000,005,253 | ---- | C] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.04 22:31:38 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2013.04.04 22:31:38 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2013.03.11 18:04:26 | 000,000,218 | ---- | C] () -- C:\Users\figur\AppData\Local\recently-used.xbel
[2012.07.23 21:28:01 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.11 17:08:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.11 16:04:00 | 000,098,304 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.dat
[2012.02.20 15:45:02 | 000,000,287 | ---- | C] () -- C:\Users\figur\AppData\Local\VersionChecker_17.xml
[2012.02.16 20:04:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.09.29 22:14:13 | 000,003,584 | ---- | C] () -- C:\Users\figur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.10 21:23:14 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2011.07.10 21:23:14 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011.06.11 00:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.11 00:36:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Alt 16.05.2013, 17:56   #15
markusg
/// Malware-holic
 
Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Standard

Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter



bHi,
surfe nur auf von mir genannten seiten, finger weg von illegalem misst wie kinox.to


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat
()
:files
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


starte in den normalen modus.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter
7-zip, antivir, avira, battle.net, bho, black, browser, converter, desktop, error, excel, firefox, flash player, frage, google, grand theft auto, helper, iexplore.exe, install.exe, ip-hilfsdienst, logfile, modus, mp3, object, programm, realtek, registry, scan, software, spotify web helper, svchost.exe, taskhost.exe, teamspeak, trojaner, weißer bildschirm, windows



Ähnliche Themen: Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter


  1. GVU und Bundeskriminalamt Trojaner,PC fährt im abgesicherten modus sofort wieder runter
    Log-Analyse und Auswertung - 09.12.2013 (12)
  2. Win7 SP1 64Bit hängt nach Anmeldung / Fährt im abgesicherten Modus sofort runter
    Log-Analyse und Auswertung - 05.12.2013 (3)
  3. GVU Trojaner, Abgesicherter Modus fährt automatisch wieder runter
    Log-Analyse und Auswertung - 25.11.2013 (11)
  4. Windows 7 Home Premium nach Boot nur noch weißer Screen & Abgesicherter Modus startet sofort neu
    Plagegeister aller Art und deren Bekämpfung - 06.11.2013 (14)
  5. GVU Trojaner - Abgesicherter Modus fährt alleine runter
    Log-Analyse und Auswertung - 11.09.2013 (102)
  6. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 07.09.2013 (7)
  7. Vindowa Vista Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Log-Analyse und Auswertung - 06.09.2013 (1)
  8. [solved] 1. GVU; 2. abgesicherter Modus fährt sogleich wieder runter
    Plagegeister aller Art und deren Bekämpfung - 17.08.2013 (1)
  9. Trojaner "urheberrecht Verletzung usw." Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (16)
  10. Trojaner, Abgesicherter Modus fährt sofort wieder runter
    Plagegeister aller Art und deren Bekämpfung - 09.07.2013 (40)
  11. GVU Trojaner - Abgesicherter Modus fährt direkt runter
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (20)
  12. GVU Trojaner - Abgesicherter Modus fährt runter
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (14)
  13. GVU Trojaner? Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter
    Log-Analyse und Auswertung - 24.06.2013 (15)
  14. Virus, weißer Bildschirm mit Zahlungsaufforderung, abgesicherter Modus fährt herunter
    Log-Analyse und Auswertung - 20.06.2013 (23)
  15. Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 31.05.2013 (15)
  16. Weißer Bildschirm Virus, abgesicherter modus startet und fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 01.05.2013 (11)
  17. Sperrbildschirm, Ukash 100€, kein Taskmngr, Abgesicherter Modus fährt sofort runter
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (12)

Zum Thema Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter - Heyho, wie in dieser Frage http://www.trojaner-board.de/134171-...rt-runter.html (in der ich leider nicht antworten konnte) habe ich das gleiche Problem. Abgesicherter Modus fährt sofort wieder runter und normal der weiße Bildschirm mit - Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter...
Archiv
Du betrachtest: Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.