Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Leere kommandozeile im "Systemstart" von Spybot S&D - was tun? (https://www.trojaner-board.de/125754-leere-kommandozeile-systemstart-spybot-s-d-tun.html)

Berri 16.10.2012 15:51
Leere kommandozeile im "Systemstart" von Spybot S&D - was tun?
 
Hallo

Ich hab mich schon sogut wie tot gegoogelt, aber nicht wirklich die Lösung zu meinem Problem gefunden..

Ich hab im Spybot S&D unter Systemstart ein Teil das sich mitstartet, bei dem aber nichts in der Kommandozeile steht.. also laut den Kommentaren im Spybot also ein worm/trojan.. nun meine Frage.. kann ich das häkchen da einfach raus machen das sich das blöde ding nicht mehr mit startet?
Mein virenprog usw. findet das blöde ding nämlich nicht :(

Da in den kommentaren teilweise Dateiname: system32.exe steht, bin ich mir echt unsicher ob ich mir nicht den pc kaputt hau wenn ich das häkchen echt daraus mache..
Ich hoffe ihr könnt mir helfen

liebe Grüße!


Hier noch die kommentare zu dem Eintrag im Spybot:


Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: system32.exe

Beschreibung
Added by the _AGOBOT-KU_ WORM! Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: pathex.exe

Beschreibung
Added by the _MKMOOSE-A_ WORM! Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: svchost.exe

Beschreibung
Added by the _DELF-UX_ TROJAN! Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: MSPF.EXE

Beschreibung
Added by a variant of the _SDBOT_ WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: dllvirtual.exe

Beschreibung
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: dllvirtual.dll

Beschreibung
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list
____________________

Aktuelle Datei:

Datenbank-Status: Nicht benötigt - Viren, Spyware, Malware oder sonstiges Unnötiges
Wert:
Dateiname: dllvirtual.js

Beschreibung
Added by the _DADOBRA-IW_ TROJAN! Note - has a blank entry under the Startup Item/Name field

Quelle: Paul Collins Startup list

ryder 16.10.2012 16:46
:hallo:

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

ryder 16.10.2012 19:50
:hallo:

Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich.
Zitat:
Lesestoff:
Regeln für die Bereinigung
Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread (möglichst in Code-Tags). Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.
  • Eine Bitte: Mache bitte solange mit, bis ich oder ein anderer Helfer dir mitteilt, dass du "sauber" bist. Das gebietet alleine schon die Höflichkeit und ein Verschwinden der Symptome bedeutet nicht, dass die Schädlinge auch wirklich alle entfernt wurden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Wenn du das alles gelesen und verstanden hast, kannst du loslegen! :kloppen:
Zitat:
Lesestoff:
Spybot Search & Destroy
Diese Software gilt als veraltet und schützt dich nicht mehr gegen aktuelle Schädlinge. Zudem behindert der Teatimer die Bereinigung. Daher solltest du Spybot dringend deinstallieren.

Schritt 1:
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen

Dir folgenden Programme gelten als "veraltet" oder schützen dich nicht mehr ausreichen. Entferne bitte:
  • Spybot S&D

Schritt 2:
Customscan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.exe
%PROGRAMFILES(X86)%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /10
%appdata%\*.
%appdata%\*.*
%appdata%\*.exe /s
%localappdata%\*.
%localappdata%\*.*
%localappdata%\*.exe /s
%allusersprofile%\*.
%allusersprofile%\*.*
%allusersprofile%\*.exe /s
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Berri 17.10.2012 11:03
Hi, alles soweit ausgeführt, ich mach das mal zu 2. theards damits nicht ineinander verschwimmt :-)
OTL Logfile:
Code:
OTL logfile created on: 17.10.2012 11:47:08 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,60 Gb Available Physical Memory | 82,63% Memory free
15,96 Gb Paging File | 14,49 Gb Available in Paging File | 90,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 360,48 Gb Free Space | 77,40% Space Free | Partition Type: NTFS
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.17 11:39:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
PRC - [2012.08.08 21:43:53 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:09:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:09:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 11:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 19:03:49 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012.06.14 18:51:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 18:51:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 18:50:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.13 12:55:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012.05.13 12:52:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.13 12:52:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 12:52:07 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 12:52:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 12:52:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 12:52:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:09:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:09:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.20 11:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:09:23 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:09:23 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.15 12:48:07 | 000,291,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011.09.13 17:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 17:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.23 21:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.30 04:11:06 | 000,056,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 82 D8 68 2F 46 CD 01  [binary data]
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\..\SearchScopes\{2B3F93B9-A302-46AC-81A3-8391F2F1BE6D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=c241c7f6-4d18-4e9c-b417-e3476daf4a59&apn_sauid=ACCF9667-C244-482B-A70F-243D84A04BF9
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.12 20:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.12 20:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Extensions
[2012.10.15 21:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lea\AppData\Roaming\mozilla\Firefox\Profiles\mzoejr3n.default\extensions
[2012.09.16 17:30:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lea\AppData\Roaming\mozilla\Firefox\Profiles\mzoejr3n.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.16 17:54:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lea\AppData\Roaming\mozilla\Firefox\Profiles\mzoejr3n.default\extensions\ich@maltegoetz.de
[2012.10.15 20:35:34 | 000,002,323 | ---- | M] () -- C:\Users\Lea\AppData\Roaming\mozilla\firefox\profiles\mzoejr3n.default\searchplugins\askcom.xml
[2012.07.12 20:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lea\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Google Mail = C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKLM..\RunOnce: [VideoBoothunstall]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3512377129-1631943422-1255509673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271E9E9B-CBC9-42E4-8750-F970EEA567A8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 11:39:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
[2012.10.16 02:20:51 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\vlc
[2012.10.16 02:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.10.16 02:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.10.15 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\VideoBooth
[2012.10.15 20:35:24 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\APN
[2012.09.28 21:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.09.28 21:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.09.24 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Local\Canon Easy-PhotoPrint EX
[2012.09.24 20:54:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.09.24 20:54:26 | 000,000,000 | ---D | C] -- C:\Users\Lea\Drucker
[2012.09.24 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Lea\AppData\Roaming\Canon
[2012.09.24 20:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2012.09.24 20:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2012.09.24 20:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2012.09.24 20:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Benutzerregistrierung
[2012.09.24 20:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2012.09.24 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2012.09.24 20:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012.09.24 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2012.09.24 20:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series Manual
[2012.09.24 20:31:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.09.24 20:31:53 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.09.24 20:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP280 series
[2012.09.24 20:31:16 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.09.24 20:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 11:39:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lea\Desktop\OTL.exe
[2012.10.17 11:26:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3512377129-1631943422-1255509673-1001UA.job
[2012.10.17 11:07:50 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 11:07:50 | 000,020,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 11:05:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 11:05:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 11:05:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 11:05:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 11:05:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.17 11:00:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 11:00:27 | 2133,565,439 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.16 02:20:47 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.16 02:17:34 | 017,704,829 | ---- | M] () -- C:\Users\Lea\Desktop\10-ellie_goulding-i_know_you_care.flac
[2012.10.12 08:26:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3512377129-1631943422-1255509673-1001Core.job
[2012.10.11 01:46:35 | 000,629,390 | ---- | M] () -- C:\Users\Lea\Documents\Screenshot2012-10-11 01_44_37.jpg
[2012.10.11 01:44:56 | 000,008,559 | ---- | M] () -- C:\Users\Lea\Documents\IMG_11102012_014443.png
[2012.10.10 22:27:12 | 000,002,483 | ---- | M] () -- C:\Users\Lea\Desktop\Google Chrome.lnk
[2012.10.07 19:38:32 | 003,790,438 | ---- | M] () -- C:\Users\Lea\Desktop\Lea_Mueller_Unterlagen.pdf
[2012.10.07 19:38:08 | 008,526,267 | ---- | M] () -- C:\Users\Lea\Desktop\gehalt_perso_schufa.odt
[2012.10.07 19:34:55 | 003,967,375 | ---- | M] () -- C:\Users\Lea\Desktop\selbstauskunft_Lea_Mueller.pdf
[2012.10.07 19:34:38 | 010,039,422 | ---- | M] () -- C:\Users\Lea\Desktop\selbstauskunft_flueggestr.odt
[2012.09.28 21:42:13 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.09.24 21:01:48 | 004,607,265 | ---- | M] () -- C:\Users\Lea\Desktop\Schiffszimmerer_genossenschaft_Wohnungsantrag_Lea_Mueller.odt
[2012.09.24 20:34:29 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012.09.24 20:32:25 | 000,002,362 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP280 series Online-Handbuch.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.16 02:20:47 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.10.16 02:11:28 | 017,704,829 | ---- | C] () -- C:\Users\Lea\Desktop\10-ellie_goulding-i_know_you_care.flac
[2012.10.11 01:46:15 | 000,629,390 | ---- | C] () -- C:\Users\Lea\Documents\Screenshot2012-10-11 01_44_37.jpg
[2012.10.11 01:44:51 | 000,008,559 | ---- | C] () -- C:\Users\Lea\Documents\IMG_11102012_014443.png
[2012.10.07 19:38:25 | 003,790,438 | ---- | C] () -- C:\Users\Lea\Desktop\Lea_Mueller_Unterlagen.pdf
[2012.10.07 19:37:39 | 008,526,267 | ---- | C] () -- C:\Users\Lea\Desktop\gehalt_perso_schufa.odt
[2012.10.07 19:34:49 | 003,967,375 | ---- | C] () -- C:\Users\Lea\Desktop\selbstauskunft_Lea_Mueller.pdf
[2012.10.07 19:34:34 | 010,039,422 | ---- | C] () -- C:\Users\Lea\Desktop\selbstauskunft_flueggestr.odt
[2012.09.24 21:01:46 | 004,607,265 | ---- | C] () -- C:\Users\Lea\Desktop\Schiffszimmerer_genossenschaft_Wohnungsantrag_Lea_Mueller.odt
[2012.09.24 20:34:29 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2012.09.24 20:32:25 | 000,002,362 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP280 series Online-Handbuch.lnk
[2012.09.24 20:31:49 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1746D.TBL
[2012.09.24 20:31:49 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1746D.TBL
[2012.01.29 13:03:49 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.29 13:03:49 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.01.26 16:40:40 | 000,007,623 | ---- | C] () -- C:\Users\Lea\AppData\Local\Resmon.ResmonCfg
[2012.01.12 11:11:38 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.16 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Amazon
[2012.09.24 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Canon
[2012.10.01 22:48:16 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoft
[2012.03.12 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.04 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\OpenOffice.org
[2012.08.18 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Spotify
[2012.03.11 01:48:21 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\TS3Client
[2012.10.15 20:37:12 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\VideoBooth
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.17 14:08:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.23 14:14:52 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.23 14:27:53 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.24 20:32:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.17 11:43:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.09.28 21:22:28 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.17 11:48:28 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.25 20:51:43 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.25 23:39:49 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.07.15 12:11:57 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2010.11.21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012.10.17 11:00:27 | 2133,565,439 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 11:00:28 | 4276,412,415 | -HS- | M] () -- C:\pagefile.sys
[2012.01.23 14:28:26 | 000,002,164 | ---- | M] () -- C:\RHDSetup.log
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES(X86)%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /10 >
 
< %appdata%\*.  >
[2012.05.04 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Adobe
[2012.09.16 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Amazon
[2012.01.26 07:54:55 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Apple Computer
[2012.01.25 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Avira
[2012.09.24 20:54:58 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Canon
[2012.10.01 22:48:16 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoft
[2012.03.12 23:25:47 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.21 04:51:08 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Identities
[2012.01.25 20:52:07 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Intel Corporation
[2012.01.25 21:58:40 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Macromedia
[2012.10.16 16:19:21 | 000,000,000 | --SD | M] -- C:\Users\Lea\AppData\Roaming\Microsoft
[2012.07.12 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Mozilla
[2012.05.04 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\OpenOffice.org
[2012.10.17 11:44:09 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Skype
[2012.08.18 00:39:28 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\Spotify
[2012.03.11 01:48:21 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\TS3Client
[2012.10.15 20:37:12 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\VideoBooth
[2012.10.16 02:28:24 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Roaming\vlc
 
< %appdata%\*.*  >
 
< %appdata%\*.exe /s >
[2012.06.18 21:06:09 | 000,010,134 | R--- | M] () -- C:\Users\Lea\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.08.18 00:14:26 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\Lea\AppData\Roaming\Spotify\spotify.exe
[2012.08.18 00:14:26 | 000,114,904 | ---- | M] () -- C:\Users\Lea\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012.08.18 00:14:26 | 001,193,176 | ---- | M] () -- C:\Users\Lea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %localappdata%\*.  >
[2012.05.04 23:13:00 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Adobe
[2012.01.25 20:51:46 | 000,000,000 | -HSD | M] -- C:\Users\Lea\AppData\Local\Anwendungsdaten
[2012.10.15 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\APN
[2012.01.26 07:54:21 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Apple
[2012.01.26 07:54:47 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Apple Computer
[2012.03.15 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Apps
[2012.09.24 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Canon Easy-PhotoPrint EX
[2012.03.15 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Deployment
[2012.07.08 15:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Diagnostics
[2012.03.15 18:05:23 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Google
[2012.07.24 16:36:34 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Macromedia
[2012.06.06 20:08:36 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Microsoft
[2012.01.25 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Mozilla
[2012.08.18 02:02:49 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Spotify
[2012.02.18 11:43:35 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\SWTOR
[2012.10.17 11:46:37 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\Temp
[2012.01.25 20:51:46 | 000,000,000 | -HSD | M] -- C:\Users\Lea\AppData\Local\Temporary Internet Files
[2012.01.25 20:51:46 | 000,000,000 | -HSD | M] -- C:\Users\Lea\AppData\Local\Verlauf
[2012.01.25 20:51:46 | 000,000,000 | ---D | M] -- C:\Users\Lea\AppData\Local\VirtualStore
 
< %localappdata%\*.* >
[2012.05.04 23:11:39 | 000,063,696 | ---- | M] () -- C:\Users\Lea\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.10.17 01:05:18 | 007,036,312 | -H-- | M] () -- C:\Users\Lea\AppData\Local\IconCache.db
[2012.01.26 16:40:40 | 000,007,623 | ---- | M] () -- C:\Users\Lea\AppData\Local\Resmon.ResmonCfg
 
< %localappdata%\*.exe /s >
[2012.03.15 18:04:11 | 000,733,096 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Apps\2.0\DYCCKYJB.E8H\71RNYZP9.WBW\clic...exe_4fe91ede9f9bdca3_0001.0003_none_b1329dd2392094dd\GoogleUpdateSetup.exe
[2012.03.15 18:04:11 | 000,009,640 | ---- | M] () -- C:\Users\Lea\AppData\Local\Apps\2.0\DYCCKYJB.E8H\71RNYZP9.WBW\goog...app_4fe91ede9f9bdca3_0001.0003_b7b888675aa4f23d\clickonce_bootstrap.exe
[2012.03.15 18:04:11 | 000,733,096 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Apps\2.0\DYCCKYJB.E8H\71RNYZP9.WBW\goog...app_4fe91ede9f9bdca3_0001.0003_b7b888675aa4f23d\GoogleUpdateSetup.exe
[2012.10.10 12:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\chrome.exe
[2012.10.04 03:16:02 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\old_chrome.exe
[2012.04.28 04:07:03 | 000,072,688 | ---- | M] () -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\wow_helper.exe
[2012.08.18 00:27:29 | 000,081,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_frame_helper.exe
[2012.08.18 00:27:30 | 000,084,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\chrome_launcher.exe
[2012.08.18 00:27:32 | 000,200,216 | ---- | M] (TODO: <Company name>) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\delegate_execute.exe
[2012.08.17 23:28:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\flashplayerapp.exe
[2012.08.18 00:28:50 | 000,914,968 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\nacl64.exe
[2012.08.23 21:21:20 | 001,541,144 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.83\Installer\setup.exe
[2012.08.30 04:57:20 | 000,081,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\chrome_frame_helper.exe
[2012.08.30 04:57:21 | 000,084,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\chrome_launcher.exe
[2012.08.30 04:57:23 | 000,200,216 | ---- | M] (TODO: <Company name>) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\delegate_execute.exe
[2012.08.30 03:50:45 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\flashplayerapp.exe
[2012.08.30 04:58:39 | 000,914,968 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\nacl64.exe
[2012.09.05 20:21:28 | 001,541,144 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\21.0.1180.89\Installer\setup.exe
[2012.09.25 11:41:32 | 000,081,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.79\chrome_frame_helper.exe
[2012.09.25 11:41:34 | 000,084,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.79\chrome_launcher.exe
[2012.09.25 11:41:35 | 000,219,672 | ---- | M] (TODO: <Company name>) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.79\delegate_execute.exe
[2012.09.25 11:42:52 | 000,986,136 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.79\nacl64.exe
[2012.09.28 21:27:02 | 001,578,520 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.79\Installer\setup.exe
[2012.10.04 03:14:34 | 000,081,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.92\chrome_frame_helper.exe
[2012.10.04 03:14:35 | 000,084,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.92\chrome_launcher.exe
[2012.10.04 03:14:37 | 000,219,672 | ---- | M] (TODO: <Company name>) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.92\delegate_execute.exe
[2012.10.04 03:15:54 | 000,986,136 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.92\nacl64.exe
[2012.10.09 13:26:39 | 001,578,520 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.92\Installer\setup.exe
[2012.10.10 12:04:50 | 000,081,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\chrome_frame_helper.exe
[2012.10.10 12:04:51 | 000,084,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\chrome_launcher.exe
[2012.10.10 12:04:52 | 000,219,672 | ---- | M] (TODO: <Company name>) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\delegate_execute.exe
[2012.10.10 12:06:09 | 000,986,136 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\nacl64.exe
[2012.10.10 22:26:35 | 001,578,520 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Chrome\Application\22.0.1229.94\Installer\setup.exe
[2012.03.15 18:04:11 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
[2012.09.20 08:21:36 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
[2012.09.20 08:21:36 | 000,279,504 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
[2012.09.20 08:21:36 | 000,116,648 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
[2012.09.20 08:21:36 | 000,059,344 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
[2012.09.20 08:21:36 | 000,059,344 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
[2012.08.22 23:34:00 | 000,763,232 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
[2012.09.13 01:40:00 | 000,554,448 | ---- | M] (Google Inc.) -- C:\Users\Lea\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
[2012.10.10 17:30:00 | 000,644,008 | ---- | M] () -- C:\Users\Lea\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\22.0.1229.94\22.0.1229.94_22.0.1229.92_chrome_updater.exe
[2012.08.18 00:14:25 | 017,617,480 | ---- | M] (Spotify Ltd) -- C:\Users\Lea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\425UEYPQ\SpotifyFullSetup[1].exe
[2012.10.16 16:30:53 | 025,653,936 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Lea\AppData\Local\Temp\SkypeSetup.exe
[5 C:\Users\Lea\AppData\Local\Temp\*.tmp files -> C:\Users\Lea\AppData\Local\Temp\*.tmp -> ]
[2012.10.15 20:35:17 | 000,330,002 | ---- | M] () -- C:\Users\Lea\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
< %allusersprofile%\*.  >
[2012.05.04 23:14:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.01.26 07:54:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.01.26 07:54:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2012.01.25 21:00:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Avira
[2012.09.28 21:22:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2012.01.26 16:25:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Blizzard Entertainment
[2012.09.24 20:31:59 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2012.09.24 20:52:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2012.09.24 20:52:48 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2012.09.24 20:37:15 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2012.09.24 20:54:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2012.09.24 20:34:28 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012.06.22 11:33:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2012.07.15 14:04:34 | 000,000,000 | ---D | M] -- C:\ProgramData\GFI Software
[2012.01.25 23:42:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Messenger Plus!
[2012.10.16 16:19:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft
[2012.05.18 10:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.10.17 11:00:31 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2012.01.23 14:26:35 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2012.10.17 01:05:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012.10.17 11:44:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012.04.09 00:13:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012.01.25 20:48:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.01.26 07:54:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
 
< %allusersprofile%\*.* >
 
< %allusersprofile%\*.exe /s >
[2009.02.04 14:56:16 | 000,086,376 | ---- | M] (GEAR Software, Inc.) -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe
[2012.04.04 13:17:36 | 000,342,984 | ---- | M] (Adobe Systems Incorporated) -- C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1031-7B44-AA1000000001}\setup.exe
[2012.01.18 19:49:26 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\ProgramData\Apple Computer\Installer Cache\iTunes 10.5.3.3\SetupAdmin.exe
[2012.08.08 21:43:50 | 000,613,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
[2012.05.08 21:09:23 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
[2012.09.28 21:22:43 | 000,533,184 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.exe
[2012.09.28 21:22:40 | 000,499,712 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\ProgramData\Battle.net\Agent\ErrorReporter.exe
[2012.09.28 21:22:40 | 005,845,624 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
[2012.09.28 21:22:43 | 006,011,072 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
[2012.09.28 21:22:55 | 000,533,184 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.exe
[2012.09.28 21:22:44 | 017,735,288 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.1682\Blizzard Launcher.exe
[2012.09.28 21:22:55 | 017,672,896 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Client\Blizzard Launcher.1857\Blizzard Launcher.exe
[2012.09.28 21:22:40 | 001,714,368 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Setup\wow_dede\World of Warcraft Setup.exe
[2011.07.08 10:38:04 | 001,100,664 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\setup.exe
[2011.07.08 10:34:50 | 000,838,536 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\DW20.EXE
[2011.07.08 10:34:51 | 000,519,584 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\Office.de-de\dwtrig20.exe
[2011.07.06 00:45:24 | 000,149,352 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\Office14\SingleImage.WW\ose.exe
[2010.02.28 02:33:12 | 005,336,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\DE-DE\Office.exe
[2011.06.20 19:13:58 | 001,632,144 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\DE-DE\SetupConsumerC2R.exe
[2011.06.20 19:13:58 | 001,632,144 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\OEMOffice14\OStarter\DE-DE\SetupConsumerC2ROLW.exe
[2011.06.29 01:00:00 | 001,709,928 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\de\wlsetup.exe
[2011.06.29 01:00:00 | 001,664,872 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\en\wlsetup.exe
[2011.06.29 01:00:00 | 001,667,944 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\fr\wlsetup.exe
[2011.06.29 01:00:00 | 001,668,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\it\wlsetup.exe
[2011.06.29 01:00:00 | 001,668,456 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\nl\wlsetup.exe
[2011.06.29 01:00:00 | 001,667,944 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Windows Live 2011\sk\wlsetup.exe
[2011.10.15 10:53:00 | 000,195,904 | ---- | M] (NVIDIA Corporation) -- C:\ProgramData\NVIDIA\Updatus\WLMerger.exe
[1970.01.01 02:00:00 | 000,118,212 | ---- | M] () -- C:\ProgramData\NVIDIA\Updatus\Download\8789D51\drsupdate.11403901_RUNASUSER.exe

< End of report >
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.10.2012 11:47:08 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Lea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,60 Gb Available Physical Memory | 82,63% Memory free
15,96 Gb Paging File | 14,49 Gb Available in Paging File | 90,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 360,48 Gb Free Space | 77,40% Space Free | Partition Type: NTFS
 
Computer Name: LEA-PC | User Name: Lea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BACAEA-9407-4D2A-BFD2-7A2C213FFFAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{065B5521-F3A8-47BB-81C8-011DA50016E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08B35BA7-8851-4985-96C1-554555083FDE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D4E8CF9-88F9-4822-BBAE-7D47B98B91EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{10CC2B2C-C2AA-465F-BE29-62C7A1F7CFD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1422D422-92EF-41FB-9CBB-A48F8D007F77}" = lport=445 | protocol=6 | dir=in | app=system |
"{19E38635-8FBD-4946-9617-0117A0A5C85A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{224B3DCA-6ADB-44EB-9D7E-0B3C56EED18C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{275E288E-B33F-4286-9AD7-9E93BDECD981}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A5315F5-EE22-4383-9996-D0F2D143F707}" = lport=10243 | protocol=6 | dir=in | app=system |
"{41BB5510-0F9B-429F-8B64-9D0A57A1B020}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{540E877F-62CF-4BD6-9415-A486A5CB0F71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AC20EB4-3369-433E-A773-21CC4832E9FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7555DAE7-404C-4EDF-8ABB-F085F2EBAB72}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7D8D46E2-A966-4F1A-89FD-96D655DDA294}" = rport=137 | protocol=17 | dir=out | app=system |
"{801B0B78-685C-4433-9446-A4311C69D5B0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{894E303A-05B6-4E83-8750-97A5E01E2208}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FD6C393-3A6A-4BE3-ADC6-0B49570F612A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5AC38A5-D32C-4211-AA99-15058773C5CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{B43C34B8-6DC3-4499-A6C7-FB0BFD3E0633}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C736058D-35F3-4C7E-87A9-B87CB8B4ADC2}" = lport=138 | protocol=17 | dir=in | app=system |
"{E1092DA6-5F2D-47ED-AD5E-CB942605CC4F}" = rport=445 | protocol=6 | dir=out | app=system |
"{E46E39BB-B703-4357-B831-1B716E4C9284}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1DE5CA9-20D9-49E9-945D-D3722956EDC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015F4FFE-01A4-419B-81F9-1B596404B40F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{0F93381F-F40C-419C-8F0D-6E1D732AEADC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{10635109-80F0-4F24-AB44-5BA870A23A35}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{12F6EADF-FD50-47C7-B732-657302ECD8E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1AC9F590-09A6-414B-87E4-ACF67749E447}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{21B2963C-2B76-46B2-85B6-A43AC896D9DA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{2495ECA9-0A32-4F55-8B5C-B5451F552A6C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2A1EC517-D0F1-4F48-B0EC-BE8356EF5D13}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2DB68D9C-D1AE-4F98-AF6A-69A839E50153}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{32F82C53-6B82-46DD-8548-F55E4B389D2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43EC7630-860A-4B98-9FC3-A77663BE179A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4584AFFF-CCE7-4454-84A2-9B242A1FF216}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53FD6F5A-9E3D-447A-A06E-BC5E5A791BD1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{540A1635-B1F1-4989-8CEE-0A91940D4ADC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{55EABF00-0039-46C1-9DF3-2FE3EE1DB551}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56826CF3-F44A-4ADD-9E11-9A3E9A42418D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5BB837CF-D90B-4BBA-BD9C-D9530CF98BAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D85FAF1-4AFD-4682-8032-424E14DEEFC0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6DE8D4BD-D7E4-49A2-8D85-82E5695D565C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6E0C4A04-E370-45C9-96B3-630E5DA1A9E8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{6F0C7D69-488B-4D18-8450-68A4E8A4CDEE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{77EFC5B3-1D1E-494E-A797-A15DB00AD57D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{7B2773B0-F42B-43B7-B2F0-4E7A3E85396C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{8945FE07-FAF6-4EAB-B8AD-47661D615A71}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89551C58-F035-46BA-A686-7B88DB86DF50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8EF575A4-6B7A-4DB7-84B3-207AC194477F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{99717D15-C6B8-448F-9137-BE81AA8C7355}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{9E66833A-CE28-458C-AF8D-787A4BBDFC05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F6B8F90-8F9C-42ED-8BB4-320789C228AA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{A56FDFC6-7F0B-4A64-B133-B44198ABEC5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A8901A48-901F-48B9-9F0F-5B4560944B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAB40A4A-4826-4582-953A-2F76181A4804}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB05F6A4-2700-43FA-9CFB-A8BF05BE1F94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD7F97FD-9588-401C-9097-7575023E4811}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BA108F11-32B5-4B1B-AE95-706F1AC4009F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD43B921-A1E6-4A56-87EA-B8C067B95AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{BE76C90E-FF32-4ED7-8186-B6DDC339C968}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEC895A1-E70B-4055-9E1C-E95FEB7AA7B2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CF6B3A3E-630A-46A1-8028-AA04FB5A08A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDD46D1A-11A2-4F7C-8733-819966FD0422}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{E63C7826-5152-4FE8-88AE-B17DFF948C06}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{EBE72C6B-6CAD-4EE1-BE34-AF26F13C1729}" = protocol=6 | dir=out | app=system |
"{FA697A88-929E-4829-8F7E-1B0A2ACACBA5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{FE80AFFB-CC1F-48E9-8386-8D33D76CE6F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{2D7CF5F1-2D8C-4B0F-A04F-06649471FBE8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"TCP Query User{3B3A8E71-F01E-4939-8B12-E8C16354A3CE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{4C35671E-6E34-4C16-AB43-A46C7DBA6B3A}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{67F651C5-05A0-447F-927A-24C977CD2C0D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"TCP Query User{79EB0F4C-3C83-4B9F-9395-80ED7EC88F9C}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"TCP Query User{7DB6C06F-3DD3-4093-9560-F04A71E56875}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{8D655323-E508-4331-B904-A278AE49EDC2}C:\users\lea\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lea\appdata\roaming\spotify\spotify.exe |
"TCP Query User{93A160B3-B17F-479A-880E-5FDE1E996DDC}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{96DDB1A7-F4F2-4B37-BE0A-8C75B7E2E774}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{9C30F902-808E-4E29-986E-C303D518017A}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{C8178F2B-01FC-43E9-983C-F85A554E40B5}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"TCP Query User{FA612590-F7F7-4323-A76E-8D4CCE904208}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{00135AC1-E47B-4F5B-B2AB-88C0B3841A75}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{1CD1990B-FC42-40A9-9707-7AD100E11679}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{2057A74E-9EF2-406E-8578-934A2A2AC20E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{242EA35A-69B1-497A-8883-8D6621C6A8D3}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{2C4B9287-FDDE-4A41-92F2-1A8D8567F2B4}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
"UDP Query User{4D5E32BE-48C8-4538-AD05-CDA94BAD6CC2}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{740EA41E-F58F-445D-B75D-0AC512138CA5}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe |
"UDP Query User{7EC0D595-8597-4F24-A8D3-380E328EF866}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
"UDP Query User{973A0D5E-72CF-4741-A68A-9D26410B03E9}C:\users\lea\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lea\appdata\roaming\spotify\spotify.exe |
"UDP Query User{AD75A1AE-AFBD-4270-BE62-8E65797D4BD5}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"UDP Query User{D73253BB-133A-408D-8CFC-C6377F4FFEAF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe |
"UDP Query User{EE0F53F0-1354-4776-8261-A74C0925A6E4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.18
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.15.706
"Free Video Dub_is1" = Free Video Dub version 2.0.12.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3512377129-1631943422-1255509673-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2012 00:31:57 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.09.2012 00:31:57 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9999
 
Error - 29.09.2012 00:31:57 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9999
 
Error - 29.09.2012 00:31:58 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.09.2012 00:31:58 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998
 
Error - 29.09.2012 00:31:58 | Computer Name = Lea-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998
 
Error - 29.09.2012 08:49:07 | Computer Name = Lea-PC | Source = MsiInstaller | ID = 11316
Description =
 
Error - 29.09.2012 12:49:24 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.09.2012 15:36:48 | Computer Name = Lea-PC | Source = MsiInstaller | ID = 11316
Description =
 
Error - 30.09.2012 05:38:42 | Computer Name = Lea-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11.09.2012 09:56:05 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 11.09.2012 16:28:45 | Computer Name = Lea-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 12.09.2012 01:46:06 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 12.09.2012 06:48:02 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 13.09.2012 13:25:42 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 13.09.2012 13:29:45 | Computer Name = Lea-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 13.09.2012 16:37:39 | Computer Name = Lea-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 14.09.2012 15:38:57 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
Error - 14.09.2012 15:43:22 | Computer Name = Lea-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
 
Error - 15.09.2012 05:48:11 | Computer Name = Lea-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  SBRE
 
 
< End of report >
--- --- ---

ryder 17.10.2012 15:10
Hallo!

Die Durchsicht deines Logsfiles ergibt keinen Befall oder bemerkst du Anzeichen eines Computerschädlings?

Ansonsten führen wir nur mal 2 Kontrollscans durch und machen Updates.

Schritt 1:
Quick-Scan mit Malwarebytes

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quickscan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
Schritt 2:
ESET Online Scanner

Zitat:
Wichtig:
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://larusso.trojaner-board.de/Images/eset.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher, dass bei Remove Found Threads kein Haken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurdeBitte poste die Logfile hier.

Schritt 3:
Update: Firefox, Addons und Plugins

Prüfe bitte auch (regelmässig), ob folgende Links fehlende Updates bei deinen Plugins zeigen:
Schritt 4:
Java Update

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 7 ) herunter laden.
  • Während der Installation entferne den Haken bei:
    http://www.trojaner-board.de/picture...&pictureid=319
  • Wenn die Installation beendet wurde:
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart:
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
Fragen:
  • Hast du sonst noch Probleme mit dem Rechner?

ryder 20.10.2012 09:35
Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

ryder 21.10.2012 16:27
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131