| matzepatze | 25.07.2013 19:02 |
Kommandozeile lässt sich nicht mehr öffnen, kein Zugriff auf AntiVir
Hallo,
seit gestern habe ich ein paar Probleme auf meinen Windows Vista System. Die Kommandozeile lässt sich nicht mehr öffnen. Nicht aus dem Menü und auch nicht aus dem System32-Ordner. Ich habe probeweise einen neuen Benutzer erstellt, welcher die Kommandozeile ausführen kann. Beim Bearbeiten der Schritte zur Log-Erstellung konnte ich feststellen, dass sich AntiVir nicht deaktivieren lässt.
Zur Sicherheit hier die Logs:
OTL: Zitat:
OTL logfile created on: 7/25/2013 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.93% Memory free
8.17 Gb Paging File | 6.09 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 35.48 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS
Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
PRC - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 10:39:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013/04/03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2011/02/28 10:44:18 | 001,579,520 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/13 15:57:54 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/13 15:53:48 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/06 14:40:26 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/16 21:06:32 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/06/20 15:20:52 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/25 21:42:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 14:23:00 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/17 14:22:52 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/21 09:35:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/26 16:17:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/04 20:17:41 | 004,382,968 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2010/11/08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 21:42:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lmabcoms.exe -- (lmab_device)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 12:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/13 12:18:16 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013/04/30 11:11:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/04/30 11:11:00 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/04/30 11:10:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/06/04 20:19:18 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\oanet.sys -- (OAnet)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:49:10 | 000,016,760 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\sepdal.sys -- (sepdal)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2010/11/08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/11/05 13:58:12 | 000,273,088 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF9035BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009/11/02 15:38:02 | 000,865,344 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 15:05:45 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm147.sys -- (tdrpman147)
DRV:64bit: - [2009/06/03 15:05:33 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/06/03 15:05:33 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/06/03 15:05:24 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380)
DRV:64bit: - [2009/04/11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/10/23 07:45:58 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/10/23 07:45:56 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/10/23 07:45:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/09/22 13:44:28 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 07:09:32 | 003,154,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2008/08/06 14:40:30 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/07/23 11:51:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/17 14:23:14 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/06/19 14:22:46 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2006/11/07 03:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/07 01:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/07 01:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 09:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/04/20 08:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SENTINEL64.SYS -- (Sentinel)
DRV - [2012/06/04 20:19:18 | 000,040,512 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/06/04 20:19:17 | 000,061,624 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/06/04 20:16:11 | 000,061,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2004/04/05 08:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Capi20.sys -- (CAPI20)
DRV - [2003/03/19 14:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DETEWECP.SYS -- (DETEWECP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8CC1B7C0-3FDB-4368-82C6-F39F339FB180}
IE:64bit: - HKLM\..\SearchScopes\{8CC1B7C0-3FDB-4368-82C6-F39F339FB180}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\XChangePDFViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox351\components [2010/02/20 10:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox351\plugins [2012/09/25 17:13:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Sunbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Thunderbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 17:13:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/25 17:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions
[2010/04/29 08:43:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 19:37:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\firefox@tvunetworks.com
[2011/12/19 14:17:47 | 000,000,933 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\11-suche.xml
[2011/12/19 14:17:47 | 000,002,419 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 14:17:47 | 000,010,525 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\gmx-suche.xml
[2011/12/19 14:17:47 | 000,002,457 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\lastminute.xml
[2011/12/19 14:17:47 | 000,005,508 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\webde-suche.xml
[2013/06/25 09:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 09:50:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012/06/18 10:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 10:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 10:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/15 22:04:06 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012/06/18 10:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 10:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 10:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={goo gle:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox351\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2009/05/25 14:27:19 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F424424-480A-472D-AC66-23A440330559}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell - "" = AutoRun
O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/07/25 11:01:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/24 15:09:10 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator
[2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013/07/24 15:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013/07/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013/07/22 03:01:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ythu
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ylpayp
[2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ilkid
[2013/06/26 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/25 11:02:54 | 000,377,856 | ---- | M] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/25 10:10:53 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/07/25 10:10:53 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/07/25 10:10:23 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 10:10:22 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/25 10:10:17 | 003,181,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 10:09:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/25 09:46:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/07/24 15:08:36 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/24 08:06:37 | 000,001,782 | -H-- | M] () -- C:\Users\Matze\Documents\Default.rdp
[2013/07/21 09:35:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/21 09:05:19 | 000,000,600 | ---- | M] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2013/07/21 05:32:47 | 000,000,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2013/07/18 19:10:47 | 001,776,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 19:10:47 | 000,753,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/07/18 19:10:47 | 000,703,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 19:10:47 | 000,174,794 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/07/18 19:10:47 | 000,148,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/16 12:57:52 | 000,011,544 | ---- | M] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/15 15:34:32 | 000,000,508 | ---- | M] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/13 08:31:02 | 000,002,044 | ---- | M] () -- C:\Users\Matze\Desktop\Google Chrome.lnk
[2013/07/13 08:25:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:58 | 000,767,723 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:01:15 | 001,161,686 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/08 08:16:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
[2013/07/08 08:00:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 11:13:36 | 000,041,158 | ---- | M] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | M] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:08 | 001,375,797 | ---- | M] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | M] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:14 | 001,251,889 | ---- | M] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | M] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:53 | 000,671,065 | ---- | M] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 15:22:39 | 000,005,142 | ---- | M] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 14:32:35 | 014,343,128 | ---- | M] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 10:21:54 | 000,003,448 | ---- | M] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:44 | 000,002,255 | ---- | M] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/25 11:02:59 | 000,377,856 | ---- | C] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe
[2013/07/25 10:46:56 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable
[2013/07/25 10:46:08 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe
[2013/07/24 15:08:36 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013/07/16 08:20:10 | 000,000,508 | ---- | C] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R
[2013/07/15 22:46:15 | 000,011,544 | ---- | C] () -- C:\Users\Matze\Desktop\fert_var.R
[2013/07/13 08:25:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
[2013/07/12 20:00:42 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
[2013/07/08 13:01:57 | 000,767,723 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf
[2013/07/08 13:00:38 | 001,161,686 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf
[2013/07/07 11:13:36 | 000,041,158 | ---- | C] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf
[2013/07/07 11:02:56 | 002,921,444 | ---- | C] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf
[2013/07/07 10:57:07 | 001,375,797 | ---- | C] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf
[2013/07/05 16:36:46 | 001,842,004 | ---- | C] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf
[2013/07/05 16:35:13 | 001,251,889 | ---- | C] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf
[2013/07/05 16:33:55 | 000,705,320 | ---- | C] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf
[2013/07/05 16:31:52 | 000,671,065 | ---- | C] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf
[2013/07/05 14:31:59 | 014,343,128 | ---- | C] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf
[2013/07/05 12:59:06 | 000,005,142 | ---- | C] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R
[2013/07/05 10:21:54 | 000,003,448 | ---- | C] () -- C:\Users\Matze\Documents\no3leachsub.pdf
[2013/07/02 09:15:36 | 000,002,255 | ---- | C] () -- C:\Users\Matze\Desktop\nitrate_shape.R
[2013/05/31 15:26:39 | 000,000,268 | ---- | C] () -- C:\Users\Matze\advanced_ip_scanner_MAC.bin
[2013/03/08 13:13:35 | 000,002,276 | ---- | C] () -- C:\Users\Matze\.recently-used.xbel
[2013/02/18 22:37:16 | 021,748,128 | ---- | C] () -- C:\Users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe
[2013/02/13 11:00:47 | 000,131,504 | ---- | C] () -- C:\Users\Matze\testjabref.xml
[2013/01/28 16:42:58 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/17 18:19:04 | 000,313,014 | ---- | C] () -- C:\Users\Matze\Gewässer.rar
[2012/06/18 11:31:34 | 001,756,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2012/02/17 09:39:29 | 000,047,832 | ---- | C] () -- C:\Users\Matze\Meine Konten_20120217T083929.gsb
[2012/02/16 21:59:15 | 000,019,036 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205915.gnucash
[2012/02/16 21:53:57 | 000,018,792 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205357.gnucash
[2012/02/16 19:15:17 | 000,016,473 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216181517.gnucash
[2012/02/16 18:39:13 | 000,016,348 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173913.gnucash
[2012/02/16 18:37:51 | 000,005,608 | ---- | C] () -- C:\Users\Matze\AppData\Local\recently-used.xbel
[2012/02/16 18:37:39 | 000,016,182 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173739.gnucash
[2012/02/16 18:30:25 | 000,016,019 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173025.gnucash
[2012/02/16 18:14:28 | 000,004,097 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216171428.gnucash
[2012/02/16 18:07:11 | 000,000,610 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170711.gnucash
[2012/02/16 18:06:24 | 000,016,013 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170624.gnucash
[2012/02/16 18:00:11 | 000,004,228 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170011.gnucash
[2012/02/16 17:51:43 | 000,004,470 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216165143.gnucash
[2012/02/16 17:24:17 | 000,004,075 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216162417.gnucash
[2012/02/16 17:22:15 | 000,019,032 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash
[2012/02/07 15:07:42 | 000,000,600 | ---- | C] () -- C:\Users\Matze\AppData\Local\PUTTY.RND
[2012/02/01 18:27:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011/09/27 13:52:04 | 000,026,162 | ---- | C] () -- C:\Users\Matze\holzrahmen_drahtgflech+.2011_09_27_13_52_04.0.svg
[2011/09/27 13:19:24 | 000,022,771 | ---- | C] () -- C:\Users\Matze\Neues Dokument 13.2011_09_27_13_19_24.0.svg
[2010/11/25 20:16:25 | 000,004,096 | -H-- | C] () -- C:\Users\Matze\AppData\Local\keyfile3.drm
[2010/09/28 20:28:44 | 000,053,847 | ---- | C] () -- C:\Users\Matze\Direkt_Depot_8951303030_Wertpapier_Terminsache_DE0005140008_201.2010_09_28_20_28_44.0.svg
[2010/08/22 12:18:18 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_18_18.0.svg
[2010/08/22 12:17:12 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_17_12.0.svg
[2010/08/18 14:18:58 | 000,000,016 | ---- | C] () -- C:\Users\Matze\.gtk-bookmarks
[2010/08/04 13:09:55 | 000,047,843 | ---- | C] () -- C:\Users\Matze\Neues Dokument 1.2010_08_04_13_09_55.0.svg
[2010/06/07 21:21:09 | 000,032,811 | ---- | C] () -- C:\Users\Matze\antrag.bst
[2010/06/07 21:05:44 | 000,018,067 | ---- | C] () -- C:\Users\Matze\antrag.dbj
[2009/11/09 14:19:46 | 000,031,497 | ---- | C] () -- C:\Users\Matze\versuch_test.bst
[2009/11/09 14:12:52 | 000,018,872 | ---- | C] () -- C:\Users\Matze\antrag_test.dbj
[2009/11/09 14:09:30 | 000,030,744 | ---- | C] () -- C:\Users\Matze\neuest.bst
[2009/11/09 14:01:17 | 000,018,869 | ---- | C] () -- C:\Users\Matze\neuest.dbj
[2009/11/09 13:56:49 | 000,001,495 | ---- | C] () -- C:\Users\Matze\neu.bst
[2009/11/09 13:55:49 | 000,001,076 | ---- | C] () -- C:\Users\Matze\neu.dbj
[2009/11/06 09:15:50 | 000,035,099 | ---- | C] () -- C:\Users\Matze\pathdef.m
[2009/10/20 11:05:28 | 000,001,517 | ---- | C] () -- C:\Users\Matze\germanstyle.bst
[2009/10/20 11:04:14 | 000,001,091 | ---- | C] () -- C:\Users\Matze\germanstyle.dbj
[2009/10/20 08:00:58 | 000,030,191 | ---- | C] () -- C:\Users\Matze\test2.bst
[2009/10/20 07:51:11 | 000,018,104 | ---- | C] () -- C:\Users\Matze\test2.dbj
[2009/10/17 12:27:47 | 000,031,222 | ---- | C] () -- C:\Users\Matze\test.bst
[2009/10/17 12:08:34 | 000,027,394 | ---- | C] () -- C:\Users\Matze\test.dbj
[2009/10/06 10:51:12 | 000,000,014 | ---- | C] () -- C:\Users\Matze\geonext.ini
[2009/10/05 10:01:09 | 000,032,116 | ---- | C] () -- C:\Users\Matze\ownstyle.bst
[2009/10/05 09:42:28 | 000,027,492 | ---- | C] () -- C:\Users\Matze\ownstyle.dbj
[2009/05/23 13:58:45 | 000,000,186 | ---- | C] () -- C:\Users\Matze\AppData\Local\RAExpertHistory.xml
[2009/04/16 19:47:08 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat
[2009/03/23 10:54:50 | 000,002,806 | ---- | C] () -- C:\Users\Matze\.jmf-resource
[2009/03/11 20:47:32 | 000,117,760 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 10:36:03 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/11 10:27:09 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.dat
========== ZeroAccess Check ==========
[2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n.
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$6e2d6f99c183032ac3dd1b6968c33d41\n.
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/05/15 18:54:15 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\AAV
[2009/06/03 15:46:28 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Acronis
[2012/08/06 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Audacity
[2010/10/19 21:13:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\BirdieSync
[2013/04/19 08:19:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\calibre
[2009/04/19 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Canneverbe_Limited
[2010/04/28 13:27:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CasinoOnNet
[2013/03/08 17:54:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\cef-cache
[2012/05/19 16:09:47 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CheckPoint
[2011/11/24 09:31:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ChemBuddy
[2009/11/22 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Cisco
[2009/03/10 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DassaultSystemes
[2013/07/25 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Dropbox
[2010/08/13 13:06:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\EndNote
[2011/01/18 10:47:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Epsitec Cache
[2012/08/13 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ESRI
[2009/03/18 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\FileZilla
[2011/05/04 14:01:34 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\GHISLER
[2012/02/17 09:39:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Grisbi
[2012/08/13 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\gtk-2.0
[2012/01/07 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Gutscheinmieze
[2013/07/04 17:13:29 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ilkid
[2010/08/03 16:15:55 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\inkscape
[2012/11/14 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\IrfanView
[2009/03/17 20:57:44 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\J River
[2010/05/23 12:04:20 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\JabRef 2.5
[2010/10/14 15:54:12 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Miranda
[2011/06/25 20:46:22 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\MyPhoneExplorer
[2010/03/14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia
[2010/03/14 19:47:14 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Nokia Ovi Suite
[2013/04/30 15:35:36 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Notepad++
[2012/05/19 16:48:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\OnlineArmor
[2011/01/18 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\OPaC bright ideas
[2011/12/30 11:32:17 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PacificPoker
[2012/10/06 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Party
[2010/03/14 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PC Suite
[2010/05/17 14:09:54 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\PixelPlanet
[2012/06/25 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\RStudio
[2010/07/29 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Safe Software
[2010/05/02 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\SmartDraw
[2013/07/24 15:09:03 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator
[2012/02/01 18:28:12 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TaxNMore
[2011/01/11 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\TerraTec
[2010/08/17 13:24:07 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2010/05/03 11:37:58 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\USEPA_WASP
[2013/07/08 08:12:56 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ylpayp
[2013/07/08 08:24:46 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Ythu
========== Purity Check ==========
< End of report >
|
Extra-Log: Zitat:
OTL Extras logfile created on: 7/25/2013 11:03:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 62.93% Memory free
8.17 Gb Paging File | 6.09 Gb Available in Paging File | 74.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 35.48 Gb Free Space | 12.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS
Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 71 FA 5D 46 88 01 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{240FCE0B-F553-4ab3-9C7B-3CD082FCA117}" = NetDeviceManager64
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4FC945A7-D54E-4F00-BE32-90553F80FCE8}" = ActivePerl 5.14.2 Build 1402 (64-bit)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5563A0F6-CF81-451E-87AD-A50075BCA9B7}" = QuickSet
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{967B4C7D-3914-41C3-803E-28C414B74A10}" = Debugging Tools for Windows 64-bit
"{97407E09-4EA8-49F0-A513-2C1776A6DEC0}" = Sentinel System Driver(64-bit) 7.2.2
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Kyocera Product Library" = Kyocera Product Library
"Lexmark_HostCD" = Lexmark Software deinstallieren
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"R for Windows 3.0.0_is1" = R for Windows 3.0.0
"Shop for HP Supplies" = Shop for HP Supplies
"SmartDraw PDF Export_is1" = SmartDraw PDF Export (novaPDF 6.4 printer)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS License Manager 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45E46848-AD24-4E6C-9751-F5B5FD2C15FF}_is1" = DIVA-GIS 7.3
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{843C64D7-117C-4A97-8E21-FD393A427249}" = ArcGIS Desktop 10 German Supplement
"{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A6B642C7-5E7A-41DE-9792-342C2D7AC848}" = ArcSWAT
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA5DEB6B-E108-4652-BFEC-C9B95446F244}" = Advanced IP Scanner
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"888Casino" = 888Casino
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"ArcGIS Desktop 10 German Supplement" = ArcGIS Desktop 10 German Supplement
"ArcGIS Desktop 10 German Supplement SP4" = ArcGIS Desktop 10 German Supplement Service Pack 4
"ArcGIS Desktop 10 German Supplement SP5" = ArcGIS Desktop 10 German Supplement Service Pack 5
"ArcGIS Desktop 10 SP4" = ArcGIS Desktop 10 Service Pack 4
"ArcGIS Desktop 10 SP5" = ArcGIS Desktop 10 Service Pack 5
"ArcGIS License Manager 10" = ArcGIS License Manager 10
"ArcGIS License Manager 10 SP3" = ArcGIS License Manager 10 Service Pack 3
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"BirdieSync" = BirdieSync 2.1.0.1
"Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29
"Cinergy T-Stick" = Cinergy T-Stick V8.08.18.01
"COMSOL35a" = COMSOL 3.5a
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.0
"FileZilla Server" = FileZilla Server (remove only)
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"Inkscape" = Inkscape 0.47
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JabRef 2.9.2" = JabRef 2.9.2
"LAME_is1" = LAME v3.99.3 (for Windows)
"Media Jukebox 12" = Media Jukebox 12
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Miranda IM" = Miranda IM 0.9.10
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"OnlineArmor_is1" = Online Armor 5.5
"OpenVPN" = OpenVPN 2.1.4
"PartyPoker" = PartyPoker
"Prism" = Prism Video Converter
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"RStudio" = RStudio
"SopCast" = SopCast 3.2.4
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"ToolBox" = NCH Toolbox
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 0.9.9
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Poker 770" = Poker 770
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 7/25/2013 3:58:56 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 3:58:56 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 3:59:00 AM | Computer Name = MatzeBook | Source = EventSystem | ID = 4609
Description =
Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 3:59:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 3:59:54 AM | Computer Name = MatzeBook | Source = EventSystem | ID = 4609
Description =
Error - 7/25/2013 4:11:47 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 4:11:49 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 4:13:32 AM | Computer Name = MatzeBook | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen
Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error - 7/25/2013 4:16:46 AM | Computer Name = MatzeBook | Source = WinMgmt | ID = 10
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 8/6/2010 6:00:26 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 8/6/2010 6:00:26 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service
Error - 8/7/2010 10:06:50 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-
Error - 8/7/2010 10:06:50 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-
Error - 8/7/2010 5:42:53 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 8/7/2010 5:42:53 PM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service
Error - 8/8/2010 3:54:32 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-
Error - 8/8/2010 3:54:32 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: UserPreferences :: convertSDITokenType Return code: 0xFE000009
File:
.\UserPreferences.cpp Line: 651 Description: GLOBAL_ERROR_UNEXPECTED Invalid sdi token
-
Error - 8/8/2010 4:00:01 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331650
Description = Termination reason code 9: Client PC is shutting down.
Error - 8/8/2010 4:00:01 AM | Computer Name = MatzeBook | Source = vpnagent | ID = 50331649
Description = Function: CVpnMgr::processEvents Return code: 0 File: .\MainThread.cpp
Line:
974 Description: fatal error, stopping service
[ OSession Events ]
Error - 10/5/2010 11:47:25 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2139 seconds with 780 seconds of active time. This session ended with a
crash.
Error - 11/16/2012 10:38:06 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73914
seconds with 600 seconds of active time. This session ended with a crash.
Error - 12/10/2012 10:07:18 AM | Computer Name = MatzeBook | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 161674
seconds with 840 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =
Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7003
Description =
Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7003
Description =
Error - 7/25/2013 4:16:48 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =
Error - 7/25/2013 4:16:58 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7022
Description =
Error - 7/25/2013 4:18:04 AM | Computer Name = MatzeBook | Source = DCOM | ID = 10005
Description =
Error - 7/25/2013 4:18:07 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7009
Description =
Error - 7/25/2013 4:18:07 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7000
Description =
Error - 7/25/2013 4:20:12 AM | Computer Name = MatzeBook | Source = DCOM | ID = 10016
Description =
Error - 7/25/2013 4:23:12 AM | Computer Name = MatzeBook | Source = Service Control Manager | ID = 7022
Description =
< End of report >
| GMER-Log: Zitat:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-25 19:38:08
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FC4O 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Matze\AppData\Local\Temp\uwtdypow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\WLANExt.exe [1928:1040] 00000001800c7f30
Thread C:\Windows\system32\WLANExt.exe [1928:1136] 0000000180070150
Thread C:\Windows\system32\WLANExt.exe [1928:1192] 00000001800c7f30
Thread C:\Windows\system32\WLANExt.exe [1928:1496] 000007fefb1d6124
Thread C:\Windows\system32\WLANExt.exe [1928:1528] 0000000001417d2c
Thread C:\Windows\system32\WLANExt.exe [1928:1708] 0000000001417d48
Thread C:\Windows\system32\WLANExt.exe [1928:1712] 0000000001417d10
Thread C:\Windows\system32\WLANExt.exe [1928:1716] 000007fefb1d6124
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2820] 00000000002c9524
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2892] 00000000510711f0
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2928] 0000000065095800
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2644] 00000000001538c4
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:3628] 000007fef46c13dc
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:2520] 000007fef46c12ac
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4184] 000007fef42e1c00
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4324] 000007fef40038a0
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4120] 000007fefa29bd78
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4344] 000007fefa29c4f8
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4348] 000007fefa2a6844
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4592] 000007fefa29c4f8
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:4596] 000007fefa2a6844
Thread C:\WINDOWS\SYSTEM32\SPOOLSV.EXE [2016:5004] 000007fef9cfa704
Thread [2040:1132] 00000000751bf36f
Thread [2040:1264] 000000007421c59c
Thread [2040:1448] 000000007421c59c
Thread [2040:1456] 000000007421c59c
Thread C:\Windows\system32\Dwm.exe [2844:2476] 000007fef95beba4
Thread C:\Windows\system32\Dwm.exe [2844:2424] 000007fefc07c2ac
Thread C:\Windows\system32\Dwm.exe [2844:2208] 000007fef946268c
Thread C:\Windows\system32\svchost.exe [3600:3512] 000007fefa29bd78
Thread C:\Windows\system32\svchost.exe [3600:3876] 000007fefa29c4f8
Thread C:\Windows\system32\svchost.exe [3600:3880] 000007fefa2a6844
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234efd7ddc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00234efd7ddc@000eed4cd3e5 0xD3 0x68 0x07 0xCA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234efd7ddc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00234efd7ddc@000eed4cd3e5 0xD3 0x68 0x07 0xCA ...
---- EOF - GMER 2.1 ----
| Ich wäre euch dankbar, wenn ihr vielleicht drüber schauen könnte. Vielen Dank! |
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
WARNUNG an die MITLESER: 