Julian89 | 27.07.2012 17:30 | OTL Logfiles: Code:
OTL logfile created on: 27.07.2012 17:08:28 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Julian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,10% Memory free
7,99 Gb Paging File | 5,52 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349,32 Gb Total Space | 29,00 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 75,94 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 15,01 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Julian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Spiele\Skyrim\steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Spiele\Skyrim\bin\libcef.dll ()
MOD - C:\Spiele\Skyrim\bin\avcodec-53.dll ()
MOD - C:\Spiele\Skyrim\bin\chromehtml.dll ()
MOD - C:\Spiele\Skyrim\bin\avformat-53.dll ()
MOD - C:\Spiele\Skyrim\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\9023843c5179d58bd814b64f440679a1\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtGui4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtCore4.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\QtXml4.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_36.dll ()
MOD - C:\Programme\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_36.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\MSNChatHook.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 81 B5 65 FD 6B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "187.52.103.196"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "187.52.103.196"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "187.52.103.196"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "187.52.103.196"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012.06.22 23:01:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011.12.21 11:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.12.21 21:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.06.22 23:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 15:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 15:05:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.12.21 11:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2012.07.26 13:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\4b9bs558.default\extensions
[2012.01.01 19:56:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\4b9bs558.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.25 19:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.26 13:25:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.02 06:55:20 | 000,010,013 | ---- | M] () (No name found) -- C:\USERS\JULIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4B9BS558.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012.07.19 15:05:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.19 15:05:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.19 15:05:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.19 15:05:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.19 15:05:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.19 15:05:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.19 15:05:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.01.01 20:06:36 | 000,001,163 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [aborange Scheduler] C:\Program Files (x86)\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [Steam] C:\Spiele\Skyrim\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Sample Toolband Serach - res://C:\Windows\system32\ToolBand.dll/MENUSEARCH.HTM File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Sample Toolband Serach - C:\Windows\SysWow64\ToolBand.dll (HiTRUST)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41B46CA9-77DE-411B-A8D1-C79D399DB463}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{671baf18-2bb4-11e1-9e17-40618663e4b2}\Shell - "" = AutoRun
O33 - MountPoints2\{671baf18-2bb4-11e1-9e17-40618663e4b2}\Shell\AutoRun\command - "" = J:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.27 16:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.27 16:06:55 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.07.27 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Malwarebytes
[2012.07.27 16:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.27 16:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.27 16:03:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.27 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.19 15:05:25 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\ElevatedDiagnostics
[2012.07.19 02:46:40 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Amnesia
[2012.07.19 02:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012.07.18 15:59:20 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\InstallShield
[2012.07.12 22:58:57 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Bilderich
[2012.07.12 03:01:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:01:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:01:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:01:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:01:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:01:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:01:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:01:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:01:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:01:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:01:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:01:41 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 03:01:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 16:30:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.01 17:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.01 17:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.28 07:47:41 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Klettern
[2012.06.27 17:40:26 | 000,000,000 | ---D | C] -- C:\download
[2012.06.27 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Artweaver
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.27 17:20:48 | 000,032,300 | ---- | M] () -- C:\Users\Julian\Documents\posdst.jpg
[2012.07.27 17:10:37 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 17:10:37 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 17:03:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 17:03:03 | 3219,779,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 16:28:46 | 000,002,810 | ---- | M] () -- C:\Users\Julian\Desktop\LOG
[2012.07.27 16:07:03 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.07.27 16:03:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.27 15:47:31 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.27 06:33:57 | 011,644,874 | ---- | M] () -- C:\Users\Julian\Desktop\Buch.jpg
[2012.07.26 16:58:23 | 000,001,430 | ---- | M] () -- C:\Users\Julian\Desktop\fitswork.ini
[2012.07.26 13:52:54 | 000,001,060 | ---- | M] () -- C:\Users\Julian\Dokumente - Verknüpfung.lnk
[2012.07.20 18:49:23 | 001,529,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.20 18:49:23 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.20 18:49:23 | 000,627,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.20 18:49:23 | 000,133,774 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.20 18:49:23 | 000,110,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.20 18:37:42 | 000,460,855 | ---- | M] () -- C:\Users\Julian\Desktop\RyanairBoardingPassCPA.pdf
[2012.07.19 21:26:58 | 001,266,283 | ---- | M] () -- C:\Users\Julian\Desktop\RyanairBoardingPass.pdf Phyllis.pdf
[2012.07.19 19:45:54 | 000,269,965 | ---- | M] () -- C:\Users\Julian\Desktop\TheHungerGames.zip
[2012.07.19 19:34:02 | 000,278,561 | ---- | M] () -- C:\Users\Julian\Desktop\Minecraft.exe
[2012.07.19 04:00:01 | 054,670,500 | ---- | M] () -- C:\Users\Julian\Desktop\Sequenz 02.mp4
[2012.07.19 02:46:25 | 000,000,950 | ---- | M] () -- C:\Users\Julian\Desktop\Amnesia.lnk
[2012.07.17 15:30:32 | 000,534,410 | ---- | M] () -- C:\Users\Julian\Desktop\Papa.jpg
[2012.07.17 15:30:17 | 009,542,875 | ---- | M] () -- C:\Users\Julian\Desktop\Papa.psd
[2012.07.17 14:53:45 | 000,552,840 | ---- | M] () -- C:\Users\Julian\Desktop\Indoarische_Sprachen_Gruppen.png
[2012.07.16 13:59:30 | 000,137,133 | ---- | M] () -- C:\Users\Julian\Desktop\RyanairBoardingPass.pdf
[2012.07.16 09:51:30 | 017,760,817 | ---- | M] () -- C:\Users\Julian\Desktop\Canoo.jpg
[2012.07.15 16:54:29 | 000,032,245 | ---- | M] () -- C:\Users\Julian\Documents\thumbs_hornoxe.com_picdump267_044.jpg
[2012.07.13 19:21:04 | 000,045,696 | ---- | M] () -- C:\Users\Julian\Documents\post.jpg
[2012.07.12 03:26:11 | 005,009,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 16:19:24 | 000,056,424 | ---- | M] () -- C:\Users\Julian\Documents\77th.jpg
[2012.07.10 01:48:45 | 000,040,350 | ---- | M] () -- C:\Users\Julian\Documents\579942_10150947427208360_25129148_n.jpg
[2012.07.09 15:46:06 | 013,644,900 | ---- | M] () -- C:\Users\Julian\Documents\Hallo.jpg
[2012.07.09 00:50:20 | 013,306,678 | ---- | M] () -- C:\Users\Julian\Documents\Seestern2.jpg
[2012.07.09 00:45:06 | 014,309,877 | ---- | M] () -- C:\Users\Julian\Documents\Seestern.jpg
[2012.07.08 23:56:27 | 001,739,326 | ---- | M] () -- C:\Users\Julian\Documents\DSC_0098.jpg
[2012.07.08 23:40:59 | 001,821,004 | ---- | M] () -- C:\Users\Julian\Documents\astra.jpg
[2012.07.08 20:45:28 | 010,311,109 | ---- | M] () -- C:\Users\Julian\Documents\Ich.jpg
[2012.07.04 21:39:04 | 004,555,317 | ---- | M] () -- C:\Users\Julian\Documents\DSC_0098 (2).JPG
[2012.07.04 01:15:52 | 011,938,676 | ---- | M] () -- C:\Users\Julian\Documents\Frog.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.03 07:13:44 | 001,831,468 | ---- | M] () -- C:\Users\Julian\Documents\IMG126.jpg
[2012.07.03 06:48:30 | 002,147,948 | ---- | M] () -- C:\Users\Julian\Documents\Maus.jpg
[2012.07.02 18:09:49 | 000,311,202 | ---- | M] () -- C:\Users\Julian\Documents\bp15.jpg
[2012.07.01 09:14:30 | 001,498,971 | ---- | M] () -- C:\Users\Julian\Documents\Gewitter2.jpg
[2012.06.27 17:29:22 | 000,003,342 | ---- | M] () -- C:\Windows\Tablet5500x4000M.ini
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.27 16:28:45 | 000,002,810 | ---- | C] () -- C:\Users\Julian\Desktop\LOG
[2012.07.27 16:03:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.27 15:40:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad
[2012.07.27 06:33:54 | 011,644,874 | ---- | C] () -- C:\Users\Julian\Desktop\Buch.jpg
[2012.07.26 16:58:23 | 000,001,430 | ---- | C] () -- C:\Users\Julian\Desktop\fitswork.ini
[2012.07.26 13:52:54 | 000,001,060 | ---- | C] () -- C:\Users\Julian\Dokumente - Verknüpfung.lnk
[2012.07.20 18:37:42 | 000,460,855 | ---- | C] () -- C:\Users\Julian\Desktop\RyanairBoardingPassCPA.pdf
[2012.07.19 21:26:58 | 001,266,283 | ---- | C] () -- C:\Users\Julian\Desktop\RyanairBoardingPass.pdf Phyllis.pdf
[2012.07.19 19:45:53 | 000,269,965 | ---- | C] () -- C:\Users\Julian\Desktop\TheHungerGames.zip
[2012.07.19 19:34:01 | 000,278,561 | ---- | C] () -- C:\Users\Julian\Desktop\Minecraft.exe
[2012.07.19 03:56:50 | 054,670,500 | ---- | C] () -- C:\Users\Julian\Desktop\Sequenz 02.mp4
[2012.07.19 02:46:25 | 000,000,950 | ---- | C] () -- C:\Users\Julian\Desktop\Amnesia.lnk
[2012.07.17 15:30:30 | 000,534,410 | ---- | C] () -- C:\Users\Julian\Desktop\Papa.jpg
[2012.07.17 15:30:16 | 009,542,875 | ---- | C] () -- C:\Users\Julian\Desktop\Papa.psd
[2012.07.17 14:53:42 | 000,552,840 | ---- | C] () -- C:\Users\Julian\Desktop\Indoarische_Sprachen_Gruppen.png
[2012.07.16 13:59:29 | 000,137,133 | ---- | C] () -- C:\Users\Julian\Desktop\RyanairBoardingPass.pdf
[2012.07.16 09:51:26 | 017,760,817 | ---- | C] () -- C:\Users\Julian\Desktop\Canoo.jpg
[2012.07.15 16:54:25 | 000,032,245 | ---- | C] () -- C:\Users\Julian\Documents\thumbs_hornoxe.com_picdump267_044.jpg
[2012.07.13 19:20:58 | 000,045,696 | ---- | C] () -- C:\Users\Julian\Documents\post.jpg
[2012.07.10 16:19:21 | 000,056,424 | ---- | C] () -- C:\Users\Julian\Documents\77th.jpg
[2012.07.10 01:48:41 | 000,040,350 | ---- | C] () -- C:\Users\Julian\Documents\579942_10150947427208360_25129148_n.jpg
[2012.07.09 15:45:59 | 013,644,900 | ---- | C] () -- C:\Users\Julian\Documents\Hallo.jpg
[2012.07.09 00:50:18 | 013,306,678 | ---- | C] () -- C:\Users\Julian\Documents\Seestern2.jpg
[2012.07.09 00:32:52 | 014,309,877 | ---- | C] () -- C:\Users\Julian\Documents\Seestern.jpg
[2012.07.08 23:56:21 | 001,739,326 | ---- | C] () -- C:\Users\Julian\Documents\DSC_0098.jpg
[2012.07.08 23:40:58 | 001,821,004 | ---- | C] () -- C:\Users\Julian\Documents\astra.jpg
[2012.07.08 23:37:47 | 004,555,317 | ---- | C] () -- C:\Users\Julian\Documents\DSC_0098 (2).JPG
[2012.07.08 20:45:22 | 010,311,109 | ---- | C] () -- C:\Users\Julian\Documents\Ich.jpg
[2012.07.04 01:15:43 | 011,938,676 | ---- | C] () -- C:\Users\Julian\Documents\Frog.jpg
[2012.07.03 07:08:52 | 001,831,468 | ---- | C] () -- C:\Users\Julian\Documents\IMG126.jpg
[2012.07.03 06:48:25 | 002,147,948 | ---- | C] () -- C:\Users\Julian\Documents\Maus.jpg
[2012.07.02 18:09:47 | 000,311,202 | ---- | C] () -- C:\Users\Julian\Documents\bp15.jpg
[2012.07.01 09:14:28 | 001,498,971 | ---- | C] () -- C:\Users\Julian\Documents\Gewitter2.jpg
[2012.06.27 17:40:26 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012.06.27 17:29:22 | 000,003,342 | ---- | C] () -- C:\Windows\Tablet5500x4000M.ini
[2012.06.11 15:20:34 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\HTCA_SelfExtract.bin
[2012.06.11 15:20:00 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Outlook Addin.dll
[2012.06.11 15:19:58 | 000,082,432 | ---- | C] () -- C:\Windows\SysWow64\keyManager.dll
[2012.06.11 15:19:56 | 000,822,784 | ---- | C] () -- C:\Windows\SysWow64\UIVCL.dll
[2012.06.11 15:19:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\SC_res.dll
[2012.06.11 15:19:56 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\TC_res.dll
[2012.06.11 15:19:55 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogSPWusage.dll
[2012.06.11 15:19:55 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\MSNChatHook.dll
[2012.06.11 15:19:44 | 000,152,576 | ---- | C] () -- C:\Windows\SysWow64\CryptoAPI.dll
[2012.06.11 15:19:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\EN_res.dll
[2012.06.11 15:19:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ActiveToolBand.dll
[2012.06.11 15:19:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\APISlice.dll
[2012.04.09 08:23:06 | 000,000,218 | ---- | C] () -- C:\Users\Julian\.recently-used.xbel
[2012.04.08 13:28:29 | 000,000,040 | ---- | C] () -- C:\Users\Julian\.gtk-bookmarks
[2012.03.20 20:48:48 | 000,001,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.02.14 16:23:24 | 000,000,132 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.01.27 23:52:22 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012.01.24 19:43:43 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012.01.10 13:34:18 | 000,281,880 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.10 13:34:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.09 00:58:54 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011.12.21 11:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.21 11:20:00 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.11.10 04:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.10 04:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E8BE05FA
< End of report > Code:
OTL Extras logfile created on: 27.07.2012 17:08:28 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Julian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,10% Memory free
7,99 Gb Paging File | 5,52 Gb Available in Paging File | 69,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349,32 Gb Total Space | 29,00 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Drive D: | 349,32 Gb Total Space | 75,94 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive F: | 15,01 Gb Total Space | 15,01 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15DC4A26-7DB8-4DA1-90FC-DC2944D24A66}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{DB8CB12F-C91C-4D75-A127-8FA4208D8808}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F81B23F4-5AAC-4DE1-9AE7-53A2EA472915}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C8081C-F3C7-4F11-AFCE-BD2A305A3935}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{0BFA23A9-8A9D-44E3-9BA1-A401991A6A1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0C9B487E-87AC-4D76-A059-061880004349}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{0E3CCA4B-0AF1-4C93-A8B3-D0A24C7214E8}" = protocol=6 | dir=in | app=c:\spiele\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{18E88612-AF9D-4D58-8B0E-3D10835B182B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1A7A3D24-697F-4F8C-8EB3-5CB2AE6AFA8C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1B4EDB7F-B0A3-40BB-AE35-DF559E555DCD}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{21C158D0-58C6-42B7-A998-04A7FF85A541}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{26D2F3CD-6669-4748-B048-F8853BFF86FC}" = protocol=6 | dir=in | app=c:\spiele\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{2F090656-1FCE-4E66-A21F-FD0113743357}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{2F50027C-EF1F-4AB9-AF01-7590AAB968E8}" = protocol=17 | dir=in | app=c:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe |
"{304C1C9C-A360-4207-8CF5-13A290DF12E1}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{32F9EF99-4AB6-4208-B5B4-E7BED93EC389}" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"{367B487F-B9CD-438F-AC57-A46BE3897DCD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{4642C280-E006-4B14-A0BC-0D7623280426}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{497DF4DD-FF20-4C68-A46A-50341C27E940}" = dir=out | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe |
"{527172A7-9A33-4730-BA4C-CFA86D559E13}" = protocol=17 | dir=in | app=d:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe |
"{591969AD-273F-43AE-AF23-E725EFA7F976}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6287AD14-48EE-4B46-B1DB-2817850FBBE5}" = protocol=17 | dir=in | app=c:\spiele\skyrim\steamapps\stibe_productions\counter-strike\hl.exe |
"{6349A7E0-B732-4445-A203-545A84B48FBC}" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"{6A125980-B015-4741-85A4-EFF4B7B582D0}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"{733EABA3-A4DD-4D26-BDA9-D82364A885EE}" = protocol=6 | dir=in | app=c:\spiele\bf3\battlefield 3 limited edition\bf3.exe |
"{747A1E58-AAA9-43CF-A94D-0B4D54E8A13D}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{75EE539D-39BA-42AC-A8E7-55D78E3D71EB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{764B7FF1-2EB5-4B48-91F2-597AEFE60B96}" = protocol=17 | dir=in | app=c:\spiele\bf3\battlefield 3 limited edition\bf3.exe |
"{833216A8-0648-4E18-A09A-28A80CF00A96}" = protocol=17 | dir=in | app=c:\spiele\skyrim\steam.exe |
"{85DD22D9-AB2E-4213-B727-431AE4DD7B97}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{884D5C61-42F3-4F85-AE95-94BC880DCF46}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{8A8EC72D-29D4-4EC4-9FEB-E57126AAD00A}" = protocol=17 | dir=in | app=c:\spiele\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"{8CA995F9-5DD9-41FE-A85A-FE214EA4DA65}" = protocol=6 | dir=in | app=c:\spiele\skyrim\steamapps\stibe_productions\counter-strike\hl.exe |
"{8CB3331F-DD0A-45EB-A7B4-80DBDA22162A}" = protocol=6 | dir=in | app=d:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe |
"{9513DDD0-1FFB-4B0C-9395-70780429F49A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9EC9876A-A7D7-4B23-8E18-2B2776AF6129}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A09E42CD-5E44-4EFA-97FF-AE950CE71F0F}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{A9E0021D-62FF-4294-9E62-D612CD4C5E09}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{BA51BCCD-187A-4322-8DB5-6DE2CB840530}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C1C78950-7CDA-4552-887D-EEBC291FA535}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{C2F1CEE6-69B8-4FD0-A305-D4F4056B87EC}" = protocol=6 | dir=in | app=c:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe |
"{C51ADC85-6965-4EE7-9518-349579B9D1F7}" = protocol=6 | dir=in | app=c:\spiele\skyrim\steam.exe |
"{D6A0AF73-31D7-4B15-A40B-D3BA2BE54A3B}" = dir=out | app=%programfiles% (x86)\origin\origin.exe |
"{E0991361-9C36-4329-BB56-3E16E3D486F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EA0227CA-44AD-4517-8C4B-F087D9BBEBC1}" = protocol=17 | dir=in | app=c:\spiele\skyrim\steamapps\common\skyrim\skyrimlauncher.exe |
"TCP Query User{06C000F9-2FAE-4D40-B22F-7F0D4AC17406}C:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe |
"TCP Query User{07046A1D-5499-45A2-BBEF-E3E7096A9AAA}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{091E50E7-46BB-4621-AAE2-996A8AEE830B}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe |
"TCP Query User{2895A8DF-2E75-43EB-A6F1-9786FF8A190E}D:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{7AB00D5B-53C2-4D7A-AB2C-6B7783A05FE6}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{99ABD748-F8D8-4F8C-81FC-4DC40252DD46}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{ED2CC7B8-6DF3-4982-932A-37630D6B4808}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{FBDFBCBA-10E0-43B8-98A4-FFDC338C75F1}D:\spiele\l4d\left4dead2.exe" = protocol=6 | dir=in | app=d:\spiele\l4d\left4dead2.exe |
"UDP Query User{31B727BD-54F7-4F32-A9EC-0CE480C72776}D:\spiele\l4d\left4dead2.exe" = protocol=17 | dir=in | app=d:\spiele\l4d\left4dead2.exe |
"UDP Query User{3AD33367-A008-461D-8400-EF2F36F480BB}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\java.exe |
"UDP Query User{45FB8CB7-E6A5-4C3D-B1B9-ED61B613C4D5}D:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\spiele\bourderlands\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{50A58481-5AEA-4246-BEF5-F95C36406CBB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{5EBB89C3-0EDA-4DA1-9866-8D0E4E4DD28E}C:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\skyrim\steamapps\m4rek\counter-strike source\hl2.exe |
"UDP Query User{923DBCDE-8365-4814-9899-D3B6033FFD71}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D66B8077-8663-4202-BEAF-9CC0F5B5F0E0}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"UDP Query User{FC0E2283-A0CB-437C-8006-9F44B2E20D00}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC}" = Topaz ReMask 3 (64-bit)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11}" = Topaz Simplify 3 (64-bit)
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A6FE29A0-622B-2763-88AA-D1E084F77CD9}" = AMD Media Foundation Decoders
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{A981E64B-0F10-45D9-BD5C-A4DF7B87E218}" = Topaz Detail 2 (64-bit)
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{BA3D5FF2-A405-4654-826E-A09FABB01853}" = Topaz Fusion Express 2 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC8F0C18-E6B0-4722-A4AB-D134473091C2}" = Topaz DeJpeg 4 (64-bit)
"{E44D14E2-A6D0-4F38-BF06-2E4244E23FED}" = Topaz InFocus (64-bit)
"{F375FC22-BC8A-4A15-ABE6-15EE1450BF86}" = Topaz B&W Effects (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
"{FF0EBE64-45AA-4B16-A0CC-945CECDCA0B6}" = Topaz Lens Effects (64-bit)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{350E3960-DE20-4FE6-9E6B-26B464AD27FD}" = DeepSkyStacker
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4646EF54-1342-43FC-B403-ED2B4D311646}" = Background Subtraction Toolkit
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB8601D-52FF-48BA-B979-53264B2E6EF9}" = toolstar* file recovery professional
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{528145C0-462A-11E1-B8B4-B8AC6F97B88E}" = Google Earth
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64794546-113F-8829-9F18-5CF4E838D0FF}" = The Photographer's Ephemeris
"{6E07CF4B-A9EB-45BF-BE74-613B3D708E13}" = Topaz Lens Effects
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.12119.1
"{A3474A79-B574-417A-A31A-B2651C2BBA8E}" = MaxIm DL V5
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7EB8FB7-F89E-480B-952D-813F413653BE}" = Topaz B&W Effects
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{CBB25040-2D43-4868-930C-F08B812F2BF8}" = Acer eDataSecurity Management
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.21
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"5513-1208-7298-9440" = JDownloader 0.9
"aborange Scheduler_is1" = aborange Scheduler - Deinstallation
"Adobe AIR" = Adobe AIR
"Artizen HDR 2.8.6" = Artizen HDR 2.8.6
"Astra Image 3.0 Pro_is1" = Astra Image 3.0 Pro
"Astroart demo_is1" = Astroart 5.0 demo
"Astroart_is1" = Astroart 4.0
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Blurb Template Creator CS5.5_is1" = Blurb Template Creator CS5.5 v1.1.0.1d5
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CMunipack-1.2" = C-Munipack 1.2
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Eye&Telescope 3.0" = Eye&Telescope 3.0
"FileZilla Client" = FileZilla Client 3.2.7.1
"Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1" = The Photographer's Ephemeris
"Free YouTube Download_is1" = Free YouTube Download version 3.1.22.319
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Guide Star Catalog_is1" = Guide Star Catalog 1.1
"ImgBurn" = ImgBurn
"InstallShield_{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit
"InstallShield_{A3474A79-B574-417A-A31A-B2651C2BBA8E}" = MaxIm DL V5
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.2.0.700
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QueTek File Scavenger 3.2 (de)" = File Scavenger 3.2 (de)
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"Stellarium_is1" = Stellarium 0.10.6.1
"TabletDriver" = Trust Tablet Driver
"Topaz Adjust 5" = Topaz Adjust 5
"Topaz Adjust 5 (64-bit)" = Topaz Adjust 5 (64-bit)
"Topaz B&W Effects" = Topaz B&W Effects
"Topaz B&W Effects (64-bit)" = Topaz B&W Effects (64-bit)
"Topaz Clean 3" = Topaz Clean 3
"Topaz Clean 3 (64-bit)" = Topaz Clean 3 (64-bit)
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeJpeg 4 (64-bit)" = Topaz DeJpeg 4 (64-bit)
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"Topaz Detail 2" = Topaz Detail 2
"Topaz Detail 2 (64-bit)" = Topaz Detail 2 (64-bit)
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit)
"Topaz InFocus" = Topaz InFocus
"Topaz InFocus (64-bit)" = Topaz InFocus (64-bit)
"Topaz Lens Effects" = Topaz Lens Effects
"Topaz Lens Effects (64-bit)" = Topaz Lens Effects (64-bit)
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz ReMask 3 (64-bit)" = Topaz ReMask 3 (64-bit)
"Topaz Simplify 3" = Topaz Simplify 3
"Topaz Simplify 3 (64-bit)" = Topaz Simplify 3 (64-bit)
"Topaz Star Effects" = Topaz Star Effects
"Topaz Star Effects (64-bit)" = Topaz Star Effects (64-bit)
"Unimap_is1" = Unimap 0.0.3 pre-alpha
"VLC media player" = VLC media player 1.1.11
"Where is M13?_is1" = Where is M13? version 2.3
"XnView_is1" = XnView 1.99
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RegiStax 5.1" = RegiStax 5.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.07.2012 19:07:47 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe Premiere Pro.exe, Version:
5.5.0.0, Zeitstempel: 0x4d8a89e8 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16915, Zeitstempel: 0x4ec4b137 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000004ca16
ID
des fehlerhaften Prozesses: 0x151c Startzeit der fehlerhaften Anwendung: 0x01cd5d4311054b3f
Pfad
der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe Premiere Pro CS5.5\Adobe
Premiere Pro.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung:
bad748fa-c951-11e1-8cd7-40618663e4b2
Error - 10.07.2012 17:57:31 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm idlrt.exe, Version 7.1.1.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1704 Startzeit:
01cd5ee2696ad57f Endzeit: 4563 Anwendungspfad: C:\Program Files (x86)\AviStack2\idl71\bin\bin.x86_64\idlrt.exe
Berichts-ID:
9c7578c6-cad9-11e1-919e-40618663e4b2
Error - 15.07.2012 16:55:52 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ai3pro.exe, Version: 3.0.5.40, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ai3pro.exe, Version: 3.0.5.40, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000979e4 ID des fehlerhaften Prozesses:
0x7a14 Startzeit der fehlerhaften Anwendung: 0x01cd62cc286b6d62 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Astra Image 3.0 Pro\ai3pro.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Astra Image 3.0 Pro\ai3pro.exe Berichtskennung: 7601c011-cebf-11e1-8f63-40618663e4b2
Error - 15.07.2012 16:56:26 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ai3pro.exe, Version: 3.0.5.40, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: ai3pro.exe, Version: 3.0.5.40, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000979e4 ID des fehlerhaften Prozesses:
0x7b94 Startzeit der fehlerhaften Anwendung: 0x01cd62cc44ea00e1 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Astra Image 3.0 Pro\ai3pro.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Astra Image 3.0 Pro\ai3pro.exe Berichtskennung: 8aa62bd1-cebf-11e1-8f63-40618663e4b2
Error - 19.07.2012 13:41:56 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Julian\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 20.07.2012 04:02:37 | Computer Name = Julian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hamachi-2.exe, Version: 2.1.0.210,
Zeitstempel: 0x4feae06c Name des fehlerhaften Moduls: hamachi-2.exe, Version: 2.1.0.210,
Zeitstempel: 0x4feae06c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000048696
ID
des fehlerhaften Prozesses: 0x830 Startzeit der fehlerhaften Anwendung: 0x01cd64ed0dbeb267
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe Berichtskennung:
44a48eb4-d241-11e1-9f1b-40618663e4b2
Error - 20.07.2012 12:08:58 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm Omgjbox.exe, Version 4.3.1.14020 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1640 Startzeit:
01cd6690e2e3b866 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe
Berichts-ID:
ed6ce1e9-d284-11e1-a1b0-40618663e4b2
Error - 20.07.2012 12:46:31 | Computer Name = Julian-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.310.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 304 Startzeit:
01cd66699b54bd6f Endzeit: 95 Anwendungspfad: C:\Program Files\Java\jre6\bin\javaw.exe
Berichts-ID:
724c38ec-d28a-11e1-a1b0-40618663e4b2
Error - 27.07.2012 10:33:40 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Julian\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 27.07.2012 10:33:43 | Computer Name = Julian-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Julian\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
[ System Events ]
Error - 15.07.2012 10:07:39 | Computer Name = Julian-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 15.07.2012 18:44:23 | Computer Name = Julian-PC | Source = bowser | ID = 8003
Description =
Error - 18.07.2012 13:28:33 | Computer Name = Julian-PC | Source = DCOM | ID = 10010
Description =
Error - 18.07.2012 21:55:02 | Computer Name = Julian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 20.07.2012 02:18:19 | Computer Name = Julian-PC | Source = bowser | ID = 8003
Description =
Error - 20.07.2012 04:02:38 | Computer Name = Julian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 20.07.2012 12:45:55 | Computer Name = Julian-PC | Source = DCOM | ID = 10010
Description =
Error - 26.07.2012 08:16:14 | Computer Name = Julian-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 27.07.2012 00:31:00 | Computer Name = Julian-PC | Source = DCOM | ID = 10010
Description =
Error - 27.07.2012 09:42:09 | Computer Name = Julian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?07.?2012 um 15:40:54 unerwartet heruntergefahren.
< End of report > Malwarebytes läut noch, muss wen reiche die Log File morgen nach.
liebe Grüße Julian |