TB-Mobil | 02.02.2013 11:58 | Moin,
hab den Scan ausgeführt.
Die Logs sind hier:
Extras.txt:
OTL Logfile: Code:
OTL Extras logfile created on: 02.02.2013 11:37:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,22 Gb Paging File | 3,42 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 5,54 Gb Free Space | 5,75% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
Drive E: | 141,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2025591093-2054289321-3464103709-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1025BA7F-E65F-445A-8F0B-BB527380EEE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{110F98CB-570C-4576-BC59-EA14E5EF8CE2}" = rport=138 | protocol=17 | dir=out | app=system |
"{409228E9-7407-4184-A3ED-247354B4C1FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56DED6A7-AAD0-4506-83BB-7D2F06B29FD1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{57FFD1AE-EA06-447F-A82C-5FA260655EF6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7E5B8CDA-2860-47D9-84F6-009642437F5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{8BE6B0A8-1C75-45B5-9724-B10339A77230}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93917ED4-522D-4DC1-9B64-49C922B95475}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B207301-5F8B-4959-B036-ED274B281CA5}" = rport=139 | protocol=6 | dir=out | app=system |
"{ACEF2F67-2CD2-409F-AD56-A057E7D7B201}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9A70F2D-CF28-4B22-BE63-DF611FF9C088}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3CE0CAD-5A92-4F46-81EE-4F6464178852}" = lport=445 | protocol=6 | dir=in | app=system |
"{E88D0E75-9841-4B89-8A81-9E7DB7A36007}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EBBB5DCF-2886-45D0-A361-E0C21AF3A3E9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED42027E-EF1F-4A83-8413-1DAEB8268BBC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FCFFC7ED-3CB8-4964-B61F-DF9237AC8796}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0707D78E-7A3A-40AA-9C28-351DD4D86547}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{10ECBF8D-51D7-4CB3-9079-C984730DA38D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28CF06E1-B883-4C45-82DA-8D872AAF5421}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{2A8F4F8B-A013-4D8C-9D86-DA8C80C68684}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{4A816557-44F0-4258-B990-30399C808F65}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4AD823A7-87BF-4F74-B71C-50374D510BC7}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{5C02C78F-1C6A-4863-A7E3-6A8120B50DC2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60F57D54-DCA4-41FE-B92D-7657A9EBA3E3}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{6ADECF92-38D5-4DF8-A029-ECDA82313C6F}" = protocol=6 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe |
"{6DB82D25-6BA6-433D-8BEC-67266E5C561E}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{918F9546-445D-42C0-96D6-AC3E95133990}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{98E13EF7-A5E3-4276-AFCC-444F528D0BC4}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{99344BF7-ADC1-419F-BFB0-C526A71AEAE8}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A955DCC3-C9A7-4A81-A73D-CFEA00C42BD8}" = protocol=17 | dir=in | app=c:\users\***\desktop\ida\ida pro advanced edition\idaq.exe |
"{AA46CFA1-DF29-4CB2-A003-65ADBFF51A1C}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{C173CA25-4085-4264-8B9C-EF8A08959F62}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C3A817AC-A2DE-4D11-B416-CF417C8FF660}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CE70920F-86E4-475B-BD44-43925A1FDE51}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D860027A-A72A-42BF-AD1C-19F6EA0E4CAB}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9FBD163-2FFF-4369-8FF1-360556129555}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DA1DF8BD-B041-400D-B579-42EBC4BCDD1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DDA096B0-0697-4E69-9361-860FCF9F9E29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ED2B07BC-4B18-4059-AB8C-08F0DEFA4929}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F02DFF1C-5EED-4926-A8BF-13CA5623672F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2ADE5C7-FBBC-4FF1-BECC-971400E619C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0A47FD98-07F6-439A-830C-08D85B30CAFE}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{0D06D730-1FB5-49A1-B898-B7037385AC2E}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{0E4D7702-061B-471B-9BF9-B55156CEAD05}C:\program files\emule0.49b\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.49b\emule.exe |
"TCP Query User{168D50F2-909B-44E7-A817-DD8A801324FF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1D60A7A3-527E-424D-8CC0-DFC55D5D0C35}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{24D848DE-85B2-4028-A39C-667A7FD51A92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{279F5BFA-EE07-471D-9C4B-3C3D091C539C}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{2A4E5A1F-5BE4-4562-9D75-752D34DD8E7F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2F634941-1993-4C82-AA58-8D46E1D05BDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{336A2B4A-A90D-430A-9B68-D49F912F9CB5}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{3D513C41-266D-4765-8613-FCF782E94FFB}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe |
"TCP Query User{3DE706B9-905B-4CA3-9335-C5704B21D783}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3E4440F6-41ED-4D21-8B0C-97B157A0E907}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{48F0B438-50A9-4358-831B-65740B38245D}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{4F15F754-DB4F-4BD1-9809-E1E45BEC5793}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{516B0038-27E6-4F4F-A81D-BCB182806348}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"TCP Query User{567A53B4-D250-462F-8A15-FD6542C53730}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe |
"TCP Query User{5A7D5166-CE16-47A8-8C28-1D1C85C8D4C9}C:\program files\emule0.48a\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"TCP Query User{5AB97D84-BD63-462A-BB9F-BF6FB310A225}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"TCP Query User{85D0A82F-D304-43D6-BEA7-0BADB45D9753}I:\stuff\blobby\volley.exe" = protocol=6 | dir=in | app=i:\stuff\blobby\volley.exe |
"TCP Query User{89DC0A4A-9BEC-43C0-9948-FA818515F544}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{9A97D0B4-2AE9-473F-8B5B-70AE17E535B6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A55D8537-91BD-49DF-AB11-9E397EE9BBAC}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{A9E6CF63-3687-4DBA-81DA-5E1DAF4E7CDA}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{B2C72289-7F41-45F0-A2C9-1EB56ABCDF08}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C360CBAD-E2CC-4F6F-9B26-D53AD1D9D77D}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{D8552CD8-7589-4F64-B672-2F051BFF247A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{D8EDD7D4-1298-45A5-9458-823C0D857F23}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{DE1BB17D-3542-46C0-9016-8BD03ACE3B85}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe |
"TCP Query User{E96B3942-FE18-468F-8DB1-6EA90399873A}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{F22FC8FF-11FC-40CB-A8D1-7D0C0389345B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FD0A5A04-4ECA-4416-9A8E-1CF6BDFD2321}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{04058F6A-333D-40E5-B361-311CCEEA6EA6}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"UDP Query User{0441CEB9-F499-453A-8825-A2F6DDD87B9C}C:\program files\concept design\onlinetv 4\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 4\onlinetv.exe |
"UDP Query User{05E5A4FD-10BE-4619-9FCE-3F7B73633EA4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{156613AD-6EFA-4203-AE44-DDD39AAF889A}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{1E5F338F-6FAA-4E2C-93CB-D39601DB3708}C:\users\***\desktop\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\gta\gtawin\gtawin.exe |
"UDP Query User{20513F0C-BA0C-4C6D-874D-22D1A496D3D4}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{22B45105-2432-4373-83F4-AA54D71B9756}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{280070F5-D57A-4718-860D-35B3E461AF71}C:\program files\emule0.48a\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.48a\emule.exe |
"UDP Query User{290EC590-E521-424A-B4A0-C96911DCAEA0}I:\stuff\blobby\volley.exe" = protocol=17 | dir=in | app=i:\stuff\blobby\volley.exe |
"UDP Query User{36362BAC-49CB-4B55-AE11-F9FF4CC18C14}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{46BDD58D-26A9-4E64-9AC6-54562D8CCFDF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{495EE38D-86B4-4199-B62E-1E859AFC8A88}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BFD8AB0-E9AE-4780-AC61-D215AFD4BB06}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{531C25F3-8AB9-4BFC-8C70-2C994649F339}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{6DD64D81-4AF6-41F0-AF00-6E9325EBB574}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe |
"UDP Query User{77FD7AD8-7F58-4D17-893D-A10C73657E80}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{7A9F7A81-0DA3-4FEB-AC68-EA4884C32C58}C:\program files\emule0.49b\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule0.49b\emule.exe |
"UDP Query User{82A8C488-607B-4437-9FB7-944A9FE6599C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{ABBE2CF1-AFC3-49AE-9600-EC720D0F1BFE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{BE26C9EC-8698-4F25-AF3A-8408CBE4E4A1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{C54AADEE-1580-4612-88FA-9426A3F77D00}C:\users\***\desktop\games\gta\gtawin\gtawin.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\games\gta\gtawin\gtawin.exe |
"UDP Query User{CABFCD5E-26C7-4001-A9A9-FC82AFAFC177}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{CF22CF37-D23B-4893-AEFA-0C6766C329F4}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{D05C1B57-2FB7-45E9-A52A-D6F01F4FF26C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{D3FF2FE7-13E9-4D27-9E4E-3257B4FBEA45}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DC48C01B-21BE-4437-83B1-03B85010FFDF}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{E8482BD2-BDFD-422D-98DA-838C4B005C36}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{EC55A03F-204D-4DED-941D-F9E4F686DCA6}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EC85F72F-6CB1-48FF-8858-FCF2F4E6CFB8}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{ECB7203B-CC76-4A54-957C-0F885BE2D140}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{F008D385-E078-4172-B975-B5CDF2AFE143}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FB57B8BA-6056-4F8B-BEA2-0465E7EE8D51}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{57F66B4D-C3C6-4CE2-AA9C-CDDE448F5DC1}" = ape@map
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{809B22DC-A386-4F22-0023-DE0000000001}" = EXAM 11.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{83B0CE83-BE3C-464B-851B-19555F6A8633}" = Vista Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F9BE2A8-2FA2-438E-934B-6F237B641167}" = Cooliris for Internet Explorer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B148E192-F289-4297-85BF-70E2A422EB25}_is1" = Android-Sync (PRE-ALPHA) ver0.192a
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4278936-73B8-4250-AF88-21E26249D5F8}" = REFPROP
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{ECE355F2-E477-47db-83DA-6311841ABC23}}_is1" = Sceneo Vcopy Version 1.5
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2705192-1C10-4FD9-A10F-47D9D9706287}" = PowerArchiver 2007 German
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Air Video Server" = Air Video Server 2.4.3
"Allway Sync_is1" = Allway Sync version 12.0.12
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayTask" = Maintenance Manager
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CD/DVD Diagnostic" = CD/DVD Diagnostic
"CloneCD" = CloneCD
"Contour Storyteller 3.0.1" = Contour Storyteller
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.7.7 (09/10/2012)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.2.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.8.1 Home Edition
"Easy Thumbnails_is1" = Easy Thumbnails (Remove only)
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free iPad Video Converter_is1" = Free iPad Video Converter 3.7.2.1
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FreePDF_XP" = FreePDF (Remove only)
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Grand Theft Auto" = Grand Theft Auto
"HandBrake" = HandBrake 0.9.5
"IDA Pro Free_is1" = IDA Pro Free v4.9
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"IsoBuster_is1" = IsoBuster 2.3
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"LastFM_is1" = Last.fm 1.5.4.24567
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 3.0.80 (remove only)
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Messer_is1" = Messer v0.992
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mp3tag" = Mp3tag v2.44
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"NfoDiz 6.0 Setup" = NfoDiz 6.0 Setup
"NSchach3a_is1" = N Schach 3 beta
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = Anzeige am Bildschirm
"Orbit_is1" = Orbit Downloader
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCFriendly" = PCFriendly
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SecondLife" = SecondLife (remove only)
"sevMail ActiveX_is1" = sevMail ActiveX 1.3.0.121
"ST6UNST #1" = List Maker
"Stellarium_is1" = Stellarium 0.11.1
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.5
"Update Engine" = Sony Ericsson Update Engine
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Videoload Manager" = Videoload Manager 2.0.2200
"Videora iPod nano Converter" = Videora iPod nano Converter 5.03
"Visual Studio 6.0 Professional Edition (deu)" = Microsoft Visual Studio 6.0 Professional Edition (Deutsch)
"VLC media player" = VLC media player 2.0.3
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Winamp" = Winamp
"Windows Password Recovery Lastic_is1" = Windows Password Recovery Lastic 1.0
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.93
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bb91a114638258b8" = Google Contact Sync
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"webGAMET" = webGAMET
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.01.2013 14:51:17 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rrservice.exe, Version 4.10.314.0, Zeitstempel
0x4693e5ea, fehlerhaftes Modul rrservice.exe, Version 4.10.314.0, Zeitstempel 0x4693e5ea,
Ausnahmecode 0xc0000005, Fehleroffset 0x000018ff, Prozess-ID 0xc50, Anwendungsstartzeit
01cdf99a5098ddd2.
Error - 23.01.2013 14:57:09 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059,
fehlerhaftes Modul spmtr.exe, Version 3.10.300.0, Zeitstempel 0x4693e059, Ausnahmecode
0xc0000005, Fehleroffset 0x00005a57, Prozess-ID 0xe38, Anwendungsstartzeit 01cdf99b5ef49122.
Error - 23.01.2013 14:58:39 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x117c, Anwendungsstartzeit
01cdf99b89042cf2.
Error - 23.01.2013 14:59:39 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x12b0, Anwendungsstartzeit
01cdf99bad871972.
Error - 23.01.2013 15:00:39 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x142c, Anwendungsstartzeit
01cdf99bd02874b2.
Error - 23.01.2013 15:01:39 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x1544, Anwendungsstartzeit
01cdf99bf28796d2.
Error - 23.01.2013 15:02:39 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung nspect.exe, Version 3.10.300.0, Zeitstempel
0x4693e03b, fehlerhaftes Modul ndisk.dll, Version 3.10.300.0, Zeitstempel 0x4693e036,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000a8ae, Prozess-ID 0x16ac, Anwendungsstartzeit
01cdf99c1ae3c5e2.
Error - 25.01.2013 13:36:28 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LogonUI.exe, Version 6.0.6001.18000, Zeitstempel
0x47918daf, fehlerhaftes Modul ATCSSINT.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4613f816, Ausnahmecode 0xc0000005, Fehleroffset 0x05756440, Prozess-ID 0x444,
Anwendungsstartzeit 01cdfb2273d324be.
Error - 25.01.2013 14:09:12 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 12.0.6661.5000, Zeitstempel
0x4f7cd9da, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x745e74b2, Prozess-ID 0x100, Anwendungsstartzeit
01cdfb26fd4e5141.
Error - 31.01.2013 12:51:22 | Computer Name = TB-Mobil | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung notepad.exe, Version 6.0.6001.18000, Zeitstempel
0x47918ea2, fehlerhaftes Modul gdiplus.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4f2bf90a, Ausnahmecode 0xc0000005, Fehleroffset 0x740374b2, Prozess-ID 0xe90,
Anwendungsstartzeit 01cdffd2fc6410ff.
[ NetLimiter Events ]
Error - 24.02.2008 14:52:50 | Computer Name = TB-Mobil | Source = NetLimiter 2 | ID = 1000
Description = NetLimiter trial expired.
[ OSession Events ]
Error - 17.12.2007 13:26:38 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3507
seconds with 120 seconds of active time. This session ended with a crash.
Error - 25.02.2010 12:54:48 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 202
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.01.2013 14:09:11 | Computer Name = TB-Mobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.01.2013 14:56:10 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7000
Description =
Error - 30.01.2013 14:56:10 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7034
Description =
Error - 30.01.2013 15:04:47 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7000
Description =
Error - 30.01.2013 15:04:47 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7034
Description =
Error - 31.01.2013 11:35:17 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7000
Description =
Error - 31.01.2013 11:35:17 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7034
Description =
Error - 31.01.2013 12:50:55 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7000
Description =
Error - 31.01.2013 12:50:55 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7034
Description =
Error - 02.02.2013 06:24:06 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7000
Description =
Error - 02.02.2013 06:24:06 | Computer Name = TB-Mobil | Source = Service Control Manager | ID = 7034
Description =
< End of report > --- --- ---
OTL.txt:
OTL Logfile: Code:
OTL logfile created on: 02.02.2013 11:37:00 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,01% Memory free
4,22 Gb Paging File | 3,42 Gb Available in Paging File | 80,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 96,40 Gb Total Space | 5,54 Gb Free Space | 5,75% Space Free | Partition Type: NTFS
Drive D: | 47,30 Gb Total Space | 9,77 Gb Free Space | 20,65% Space Free | Partition Type: NTFS
Drive E: | 141,45 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TB-MOBIL | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
PRC - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll ()
========== Services (SafeList) ==========
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (rpcnet) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (OpcEnum) -- C:\Windows\System32\Opcenum.exe (OPC Foundation)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (FNF5SVC) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (nlsvc) -- C:\Programme\NetLimiter 2 Pro\nlsvc.exe (Locktime Software)
SRV - (PMSveH) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NSNDIS5) -- C:\Windows\system32\NSNDIS5.SYS File not found
DRV - (nixsrkw) -- system32\DRIVERS\nixsrkw.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (dvdfab) -- C:\Windows\System32\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (nltdi) -- C:\Windows\System32\drivers\nltdi.sys (Locktime Software)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (CDRPDACC) -- C:\Programme\InfinaDyne\Shared\CDRPDACC.SYS (Arrowkey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6091C9F7-19C2-42AD-B8D3-A44DA4CDC733}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=iglk
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..\SearchScopes\{847B4734-CA42-4B30-83B1-10C89310A4F8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.07.22 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.04 18:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.04 18:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.11 11:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.23 17:23:27 | 000,000,000 | ---D | M]
[2010.02.23 17:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.01 08:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions
[2010.05.16 15:26:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 19:31:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.26 11:46:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.06.14 21:37:21 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\0geh3hg9.default\extensions\facepad@lazyrussian.com
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2010.03.31 18:53:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.03 16:12:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.03.27 10:30:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 20:45:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.02.22 14:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.06.27 19:41:17 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2011.06.14 21:53:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.14 21:53:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.14 21:53:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.14 21:53:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.14 21:53:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.14 21:53:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/ig?hl=de&source=iglk
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: fluxDVD Browser Plugin (Enabled) = C:\Program Files\Common Files\mpDRM\NPMPDRM.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: fluxDVD Placeholder Plugin (Enabled) = C:\Program Files\Videoload Manager\NPWMDRMWrapper.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2025591093-2054289321-3464103709-1003\..Trusted Domains: apemap.com ([]http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A22A7612-A91E-4D35-96D2-16A05D5F388F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD98FF75-9315-4485-81B0-7FED0807963F}: NameServer = 192.168.2.1
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013.01.31 17:02:00 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.31 17:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LaunchPad
[2013.01.30 19:53:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.27 14:57:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.27 14:17:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.27 14:17:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.27 14:17:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.27 14:16:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.27 14:15:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.27 14:15:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.27 14:09:04 | 005,027,618 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.27 11:35:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.01.27 11:34:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.25 19:15:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.25 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.01.23 17:34:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 17:23:27 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.23 17:23:27 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.23 17:22:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.23 17:22:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.23 17:22:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.21 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.21 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.21 21:05:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.21 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.06 02:54:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{99B320C2-3D70-4476-962C-233A4A4783EC}
[2013.01.05 14:53:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{992A9D7C-9BCB-4975-8CA1-F7064550786A}
[2013.01.05 12:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux_2.6.1
[2013.01.03 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2008.04.04 21:08:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.02 11:32:52 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003UA.job
[2013.02.02 11:32:32 | 000,002,097 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2013.02.02 11:23:07 | 000,025,181 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2013.02.02 11:22:48 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2013.02.02 11:22:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.02 11:22:37 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 11:22:36 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013.02.02 11:22:36 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.02 11:22:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013.02.02 11:22:29 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2013.02.02 11:22:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.31 17:54:38 | 000,004,796 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.31 17:50:03 | 000,044,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2013.01.31 17:01:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.29 18:27:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2025591093-2054289321-3464103709-1003Core.job
[2013.01.29 17:57:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.28 20:26:56 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2013.01.27 14:09:17 | 005,027,618 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.27 11:35:42 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.01.27 11:34:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.01.27 11:05:03 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2013.01.25 19:02:51 | 000,052,727 | ---- | M] () -- C:\Users\***\Desktop\l-2196.jpg
[2013.01.25 19:02:42 | 000,118,627 | ---- | M] () -- C:\Users\***\Desktop\l-2197.jpg
[2013.01.25 18:40:01 | 000,019,078 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung2.jpg
[2013.01.25 17:22:17 | 000,015,336 | ---- | M] () -- C:\Users\***\Desktop\Fehlermeldung.jpg
[2013.01.23 18:03:07 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.23 17:25:01 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.23 17:22:37 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.23 17:22:35 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.23 17:22:35 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.23 17:22:35 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.23 17:22:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.23 17:22:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.23 17:22:03 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 21:05:31 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.20 16:04:11 | 000,001,356 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2013.01.20 15:57:43 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.20 15:57:43 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.13 18:10:02 | 000,003,180 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013.01.13 13:37:49 | 000,652,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.13 13:37:49 | 000,135,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.13 13:37:49 | 000,009,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.13 13:37:49 | 000,006,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 12:08:31 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.01.06 12:08:30 | 000,123,904 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.28 20:27:14 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2013.01.27 14:17:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.27 14:17:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.27 14:17:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.27 14:17:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.27 14:17:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.25 19:02:51 | 000,052,727 | ---- | C] () -- C:\Users\***\Desktop\l-2196.jpg
[2013.01.25 19:02:42 | 000,118,627 | ---- | C] () -- C:\Users\***\Desktop\l-2197.jpg
[2013.01.25 18:40:01 | 000,019,078 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung2.jpg
[2013.01.25 17:22:17 | 000,015,336 | ---- | C] () -- C:\Users\***\Desktop\Fehlermeldung.jpg
[2013.01.23 18:03:06 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.23 17:24:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.23 17:22:33 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.21 21:05:31 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.05 18:54:55 | 000,000,080 | ---- | C] () -- C:\Users\***\AppData\Local\X-Plane Installer.prf
[2012.02.23 19:21:58 | 000,004,529 | ---- | C] () -- C:\Users\***\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.pdf
[2012.02.23 19:19:58 | 000,010,231 | ---- | C] () -- C:\Users\***\******_t***_elster_2048 - ALT.pfx
[2011.11.11 16:55:32 | 000,000,186 | ---- | C] () -- C:\Windows\KLETT.INI
[2011.11.11 16:52:04 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2011.02.16 21:19:09 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.16 21:19:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.25 20:04:45 | 000,038,434 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2010.04.15 17:04:42 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.04.02 19:32:23 | 000,610,304 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata
[2010.04.02 18:57:43 | 000,027,503 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.02.09 17:58:28 | 103,082,663 | ---- | C] () -- C:\Users\***\Archiv.CTF
[2009.05.12 18:25:11 | 000,010,599 | ---- | C] () -- C:\Users\***\******_t***_elster_2048.pfx
[2008.11.27 11:37:16 | 002,327,552 | ---- | C] () -- C:\Users\***\AppData\Local\cooliris-win-ie-release-1.9.0.16396.msi
[2008.05.14 16:16:33 | 000,000,016 | ---- | C] () -- C:\Users\***\persistent_state
[2008.04.04 21:08:36 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2008.04.04 21:08:36 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2007.12.01 21:49:34 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.10.05 12:30:14 | 000,009,327 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2007.10.02 08:25:20 | 000,021,858 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2007.10.01 16:52:53 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.09.27 16:26:47 | 000,123,904 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.27 15:17:33 | 000,044,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2007.09.27 15:17:33 | 000,044,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2007.09.27 15:01:17 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty
< End of report > --- --- ---
Viele Grüße,
Torben |