Trojaner-Board - Windows 7 schwarzer Bildschirm mit Maus nach dem booten

Code:

Hello World

OTL Text

Code:

OTL logfile created on: 03.11.2012 01:36:59 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Usersxxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 49,68% Memory free

6,99 Gb Paging File | 5,23 Gb Available in Paging File | 74,76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 467,66 Gb Total Space | 334,08 Gb Free Space | 71,44% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 175,92 Gb Free Space | 72,06% Space Free | Partition Type: NTFS

Drive J: | 204,71 Gb Total Space | 50,69 Gb Free Space | 24,76% Space Free | Partition Type: NTFS

Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32

Drive M: | 186,26 Gb Total Space | 13,74 Gb Free Space | 7,38% Space Free | Partition Type: FAT32

 

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\derneuste\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\iMesh Applications\Mediabar\Datamngr\datamngrUI.exe (iMesh, Inc)

PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()

MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\UMOUTL~1.DLL ()

MOD - C:\PROGRA~2\MICROS~1\Office12\OUTLCTL.DLL ()

MOD - C:\PROGRA~2\MICROS~1\Office12\ADDINS\COLLEA~1.DLL ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)

DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)

DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE - HKCU\..\SearchScopes\{08C703C6-13A6-4220-8A22-2DD3F116F128}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_ptnrs=^ABT&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459&apn_dtid=^YYYYYY^YY^DE&&q="

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=195e2ea4-22e9-47d9-953a-f15c57de7352&apn_ptnrs=^ABT&apn_sauid=65C1CBDC-5422-4EF3-8342-C6820E44D459&apn_dtid=^YYYYYY^YY^DE&&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]

 

[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions

[2012.10.25 20:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions

[2012.09.18 19:39:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{bff6b2ca-366c-4a90-b685-d87776deb0d2}

[2012.08.25 10:17:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com

[2012.09.29 09:43:45 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2012.11.02 21:03:08 | 000,002,413 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\askcom.xml

[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\Search_Results.xml

[2012.09.25 19:40:20 | 000,003,915 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\sweetim.xml

[2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION

[2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\BROWSE~1.DLL (iMesh, Inc)

O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc)

O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)

O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKCU..\RunOnce: [SimboApp] C:\Users\derneuste\AppData\Local\Temp\4108845567\simboapp.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt

[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software

[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional

[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software

[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}

[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings

[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe

[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll

[2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes

[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.03 01:12:54 | 000,001,460 | ---- | M] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk

[2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.02 21:09:25 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.02 21:01:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.11.02 21:01:50 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat

[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012.10.29 22:30:33 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI

[2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url

[2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url

[2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.11.03 01:12:54 | 000,001,460 | ---- | C] () -- C:\Users\derneuste\Desktop\OTL.exe - Verknüpfung.lnk

[2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat

[2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url

[2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll

[2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe

[2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll

[2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe

[2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll

[2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss

[2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll

[2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini

[2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI

[2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat

[2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI

[2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg

[2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011.12.14 07:53:04 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll

[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 03.11.2012 01:36:59 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 49,68% Memory free

6,99 Gb Paging File | 5,23 Gb Available in Paging File | 74,76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 467,66 Gb Total Space | 334,08 Gb Free Space | 71,44% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 175,92 Gb Free Space | 72,06% Space Free | Partition Type: NTFS

Drive J: | 204,71 Gb Total Space | 50,69 Gb Free Space | 24,76% Space Free | Partition Type: NTFS

Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32

Drive M: | 186,26 Gb Total Space | 13,74 Gb Free Space | 7,38% Space Free | Partition Type: FAT32

 

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"

Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"

Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"

Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"

Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system | 

"{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system | 

"{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system | 

"{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system | 

"{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system | 

"{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system | 

"{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1A568008-57FB-463F-868A-78AB41098F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system | 

"{458969DF-C637-432A-A179-ECDBA5837111}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{7285B9F4-12A6-49C2-A053-918CD824AAD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 

"{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe | 

"{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 

"{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{F2C64FFC-50AE-480A-86E0-1B36E6960748}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

"UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

"UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2

"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2

"{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller

"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common

"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish

"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French

"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All

"{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB 

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7

"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Album Art Downloader XUI" = Album Art Downloader XUI 0.43

"Album Cover Finder_is1" = Album Cover Finder v.7.1.3

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"avast" = avast! Free Antivirus

"Avira AntiVir Desktop" = Avira Free Antivirus

"CDex" = CDex - Open Source Digital Audio CD Extractor

"DMEXMENU" = DMEX Menu Extention (Uninstall only)

"ESET Online Scanner" = ESET Online Scanner v3

"Exact Audio Copy" = Exact Audio Copy 1.0beta3

"imeshtoolbar2" = Search-Results Toolbar

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"MediaMonkey_is1" = MediaMonkey 4.0

"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Native Instruments Controller Editor" = Native Instruments Controller Editor

"Native Instruments Service Center" = Native Instruments Service Center

"Native Instruments Traktor 2" = Native Instruments Traktor 2

"PROPLUS" = Microsoft Office Professional Plus 2007

"SopCast" = SopCast 3.5.0

"TagScanner_is1" = TagScanner 5.1.607

"TreeSize Professional_is1" = TreeSize Professional V5.5.5

"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions

"WinLiveSuite" = Windows Live Essentials

"xp-AntiSpy" = xp-AntiSpy 3.98-1

"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18.10.2012 01:22:57 | Computer Name = derneuste-PC | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 34

Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.

 

Error - 18.10.2012 01:22:59 | Computer Name = derneuste-PC | Source = Outlook | ID = 35

Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet

 (Fehler=0x8007043c).

 

Error - 18.10.2012 15:41:02 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 18.10.2012 18:50:05 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385,

 Zeitstempel: 0x4a5bc2c6  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,

 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000009970a

ID

 des fehlerhaften Prozesses: 0x9cc  Startzeit der fehlerhaften Anwendung: 0x01cdad82e9a7cddf

Pfad

 der fehlerhaften Anwendung: C:\windows\system32\DrvInst.exe  Pfad des fehlerhaften

 Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 284088ad-1976-11e2-8f7a-50e54953e126

 

Error - 18.10.2012 18:51:12 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 18.10.2012 18:52:39 | Computer Name = derneuste-PC | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 3.5.0.0, Zeitstempel:

 0x4ca242ed  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,

 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xe0434f4d  Fehleroffset: 0x000000000000cacd

ID

 des fehlerhaften Prozesses: 0xf1c  Startzeit der fehlerhaften Anwendung: 0x01cdad833d59bca1

Pfad

 der fehlerhaften Anwendung: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

Pfad

 des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll  Berichtskennung: 839cccea-1976-11e2-8f7a-50e54953e126

 

Error - 21.10.2012 12:33:19 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch

 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die

 letzten gültigen Indexwerte enthalten.

 

[ OSession Events ]

Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 25.10.2012 21:47:31 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

 

< End of report >

Hallo Cosinus,

ich hoffe Du kannst damit was anfangen.

Vielen dank für Deine Mühen und Geduld

Gruss
Derzapfer

Hallo Cosinus,
was Du alles siehst ...

Auf ein Neues
Sollte jetzt alles richtig sein ...

Grus sund schönen Sonntag

Derzapfer

Code:

OTL logfile created on: 04.11.2012 16:50:04 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free

6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS

Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS

Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32

Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32

 

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\derneuste\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

PRC - E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

PRC - E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (AMD FUEL Service) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- E:\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirWebService) -- E:\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- E:\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)

SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (inpoutx64) -- C:\Windows\SysNative\drivers\inpoutx64.sys (Highresolution Enterprises [www.highrez.co.uk])

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)

DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)

DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{EFA2FEF8-C124-4225-9FCD-B5184E23CC78}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE - HKLM\..\SearchScopes\{2E03954E-89B9-46F7-AA70-B14847C6067C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.net

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{40FCBC03-113D-4A4E-9A0D-771855886A78}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=1083&systemid=1&apn_dtid=IME001&apn_ptnrs=AG1&o=APN10653&apn_uid=3280454340074400&q={searchTerms}

IE - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474

FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926

FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015

FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=44a357d9-393a-40f1-b0d6-cd7765c20ae9&apn_ptnrs=^ABT&apn_sauid=8B05E438-3C3B-4CAF-9782-6361CCDB8502&apn_dtid=^YYYYYY^YY^DE&&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: E:\PDF_Nitro\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 21:54:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 21:56:42 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.26 21:56:39 | 000,000,000 | ---D | M]

 

[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Extensions

[2012.11.04 14:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions

[2012.11.04 13:30:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2012.11.04 14:36:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\derneuste\AppData\Roaming\mozilla\Firefox\Profiles\rnt99qkn.default\extensions\toolbar@ask.com

[2012.11.04 14:36:48 | 000,002,413 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\askcom.xml

[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\Search_Results.xml

[2012.09.25 19:40:20 | 000,003,915 | ---- | M] () -- C:\Users\derneuste\AppData\Roaming\mozilla\firefox\profiles\rnt99qkn.default\searchplugins\sweetim.xml

[2012.10.26 21:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.18 19:39:53 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\IMESH APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION

[2012.11.02 21:54:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012.10.26 21:56:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.09.18 19:39:38 | 000,002,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {bff6b2ca-366c-4a90-b685-d87776deb0d2} - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)

O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE (iMesh, Inc)

O4 - HKLM..\Run: [iSaverCtrl] C:\Program Files (x86)\iSaver\iSaverCtrl.exe (infoMantis GmbH)

O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2060105697-235347385-2913916759-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - E:\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - E:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBD353B-2ECF-40CF-A0A7-08855C94329C}: NameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D30CE1CA-0DAE-4325-A5E1-A1AC77CE0A0E}: DhcpNameServer = 10.111.81.129 10.129.32.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll (iMesh, Inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\IEBHO.dll (iMesh, Inc)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.04 14:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.11.04 14:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

[2012.11.04 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2012.11.04 14:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

[2012.11.04 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager

[2012.11.03 23:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.11.02 21:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012.11.02 21:55:15 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012.11.02 21:55:15 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012.11.02 21:54:29 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr

[2012.11.02 21:54:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012.11.02 21:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012.10.30 18:40:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012.10.30 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Desktop\Virensuchprogramme zT alt

[2012.10.29 22:30:22 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\JAM Software

[2012.10.29 22:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional

[2012.10.29 22:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JAM Software

[2012.10.29 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Local\{80886A99-B8E8-423C-A76E-B5C67B5625BB}

[2012.10.29 19:14:23 | 000,000,000 | ---D | C] -- C:\Users\derneuste\Local Settings

[2012.10.29 19:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012.10.29 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip

[2012.10.26 21:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.10.26 06:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.10.26 06:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.10.25 20:51:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012.10.25 20:51:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012.10.25 20:51:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012.10.25 20:46:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.10.25 20:46:46 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012.10.22 18:16:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.10.21 18:43:27 | 000,000,000 | ---D | C] -- C:\windows\Minidump

[2012.10.21 18:11:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe

[2012.10.21 18:11:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012.10.21 18:11:22 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012.10.21 18:11:19 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012.10.21 18:11:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2012.10.21 18:11:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2012.10.21 18:10:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2012.10.21 18:10:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2012.10.21 18:10:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2012.10.21 18:10:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2012.10.21 18:10:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2012.10.21 18:10:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2012.10.21 18:10:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2012.10.21 18:10:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2012.10.21 18:10:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2012.10.21 18:10:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012.10.21 18:10:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012.10.21 18:10:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.21 18:10:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012.10.21 18:10:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012.10.21 18:10:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012.10.21 18:10:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012.10.21 18:10:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012.10.21 18:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2012.10.21 18:10:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll

[2012.10.21 18:04:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012.10.21 18:04:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.10.13 12:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.10.13 11:48:38 | 000,000,000 | ---D | C] -- C:\Users\derneuste\AppData\Roaming\Malwarebytes

[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.10.13 11:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.10.13 11:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.10.12 17:59:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.04 16:02:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.04 15:55:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.11.04 15:55:16 | 2816,389,120 | -HS- | M] () -- C:\hiberfil.sys

[2012.11.04 04:46:12 | 000,000,471 | ---- | M] () -- C:\windows\BRWMARK.INI

[2012.11.02 21:55:18 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.11.02 21:55:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2012.11.01 18:36:01 | 000,000,512 | ---- | M] () -- C:\Users\derneuste\Desktop\MBR.dat

[2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys

[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr

[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe

[2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

[2012.10.29 19:13:19 | 000,000,223 | ---- | M] () -- C:\Users\derneuste\Desktop\Search the Web.url

[2012.10.29 19:13:19 | 000,000,217 | ---- | M] () -- C:\Users\derneuste\Desktop\SweetPcFix.url

[2012.10.21 18:43:18 | 233,669,028 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012.10.11 20:29:33 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

 
 ========== Files Created - No Company Name ==========

 

[2012.11.02 21:55:18 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.11.02 21:55:15 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt

[2012.11.01 17:55:41 | 000,000,512 | ---- | C] () -- C:\Users\derneuste\Desktop\MBR.dat

[2012.10.29 19:13:19 | 000,000,217 | ---- | C] () -- C:\Users\derneuste\Desktop\SweetPcFix.url

[2012.10.25 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012.10.25 20:51:21 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012.10.25 20:51:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012.10.25 20:51:21 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012.10.25 20:51:21 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012.10.21 18:43:18 | 233,669,028 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012.10.21 18:01:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.02.04 10:31:40 | 000,496,640 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll

[2012.02.04 10:31:40 | 000,131,176 | ---- | C] () -- C:\windows\SysWow64\mp3gain.exe

[2012.02.04 10:31:40 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\akrip32.dll

[2012.02.04 10:31:39 | 000,580,096 | ---- | C] () -- C:\windows\SysWow64\lame.exe

[2012.02.04 10:31:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\Mp3Ctrl.dll

[2012.02.04 10:31:38 | 000,003,180 | ---- | C] () -- C:\Users\derneuste\AppData\Local\ZortamMp3MediaStudio.iss

[2012.01.25 13:00:51 | 000,367,104 | ---- | C] () -- C:\windows\dmexmenu.dll

[2012.01.25 13:00:51 | 000,072,791 | ---- | C] () -- C:\windows\dmexlanguage.ini

[2012.01.12 08:02:30 | 000,000,471 | ---- | C] () -- C:\windows\BRWMARK.INI

[2012.01.12 08:02:30 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\bd4040cn.dat

[2012.01.12 08:02:30 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI

[2011.12.31 12:53:44 | 000,007,643 | ---- | C] () -- C:\Users\derneuste\AppData\Local\Resmon.ResmonCfg

[2011.12.19 13:21:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2011.12.14 07:53:04 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat

[2011.12.14 07:53:04 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat

[2011.12.14 07:53:03 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll

[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:8331D35A

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92
 

< End of report >

Code:

OTL Extras logfile created on: 04.11.2012 16:50:04 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 58,50% Memory free

6,99 Gb Paging File | 5,31 Gb Available in Paging File | 75,88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 467,66 Gb Total Space | 333,44 Gb Free Space | 71,30% Space Free | Partition Type: NTFS

Drive E: | 244,14 Gb Total Space | 175,88 Gb Free Space | 72,04% Space Free | Partition Type: NTFS

Drive J: | 204,71 Gb Total Space | 50,67 Gb Free Space | 24,75% Space Free | Partition Type: NTFS

Drive L: | 298,01 Gb Total Space | 171,33 Gb Free Space | 57,49% Space Free | Partition Type: FAT32

Drive M: | 186,26 Gb Total Space | 20,84 Gb Free Space | 11,19% Space Free | Partition Type: FAT32

 

Computer Name: DERNEUSTE-PC | User Name: derneuste | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"

Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"

Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1"

Directory [MediaMonkey.2PlayNext] -- "E:\MediaMonkey\MediaMonkey.exe" /NEXT "%1"

Directory [MediaMonkey.3Enqueue] -- "E:\MediaMonkey\MediaMonkey.exe" /ADD "%1"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{20FBB5EB-99A0-42DB-B29B-95E7493D03C1}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{3049C825-D488-4DA3-B3B4-E62169485D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3E5E5400-4E04-47FB-95D4-DF1A6E006C90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3FF94C8B-00F0-46C9-911B-3E87AB25F5AE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{443C821F-B87B-4683-8158-0719BE06533A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{541CBC2C-8E3D-4A8F-8B4F-E3E1A946F2E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{616EF830-2F7F-45B2-A679-76DE25C640BE}" = lport=137 | protocol=17 | dir=in | app=system | 

"{641E1BD0-D187-40D8-95B8-092D9ACBDC7E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{72931074-907F-40D8-8A23-157338BC3F28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{72FF699C-8D56-4230-9B11-510A19251D2D}" = lport=138 | protocol=17 | dir=in | app=system | 

"{7F3614BF-5281-4C04-A7E2-DD16B9CD9850}" = lport=139 | protocol=6 | dir=in | app=system | 

"{9318B394-96C6-4024-BBD5-16CF086326FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{9542F82F-9EA5-47AD-91CF-1E7EE4D9C617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A3427852-3B59-478A-A1DF-B7E7D1101C73}" = rport=139 | protocol=6 | dir=out | app=system | 

"{A47E5180-433B-40D8-B75A-AD1B6504D072}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C421D11C-1E92-4CBE-A8C4-ED8C05C05BFC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{CC796F37-CD1A-495C-A23F-B7CB548E84DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{D5315284-EAA7-4D13-9D3F-582A0EF644E2}" = lport=445 | protocol=6 | dir=in | app=system | 

"{D825BDAE-DAAA-4C4E-8473-2AC56FE32FFD}" = rport=137 | protocol=17 | dir=out | app=system | 

"{D9787DF8-5048-4AF2-9D7E-F972D343BFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E6707DF3-D2F5-4D3E-B9EE-C67DAEB68B3A}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{EC614620-0EFF-4FA9-B710-800E536C7328}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{ED53443E-B4D5-4D02-B872-6E58EFB04165}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{F2C2D1A2-3F78-41CD-9106-6C81FC3236C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{F5E788DC-F8D7-48D5-BD05-072D82B724D1}" = rport=445 | protocol=6 | dir=out | app=system | 

"{F7385103-B4F1-40E5-BB33-BDC5EE9C7FF2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D374B86-FC52-419F-8603-A722EE4085F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F2378A4-4081-4E83-81A0-3B7D2B245129}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{250142E6-F321-443E-8D5B-16842CF9ED2E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{2D87A4E1-7D02-4A93-BD88-A002DDE44F0F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{371AB414-A435-42CE-ADCA-44C8498F4AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{389694AA-D77B-439E-B449-291B7EA9F70D}" = protocol=6 | dir=out | app=system | 

"{54479F16-3E01-4524-8B74-32BF1DBF84A6}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{5677E414-FBBD-4C44-B810-BF16E846F41D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5C8EE087-996C-4F98-8D0E-0F144FE8316C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{652BFB55-E392-48B0-9B70-2B71E9133F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{6AEFD876-EBBD-4955-B174-55DE88A6B62C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{6C9D638C-23AF-472F-AF46-AF01F6F949AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{6EBABDD9-D621-49A1-ABE6-DF17830C529F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{72F7AF9B-56C5-4F74-82EB-F9318DE10F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 

"{7481F9BD-F521-46D8-8996-3876B4A8068F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{7FD5A2D2-E5BC-42BA-9C9A-0D932661AAED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{8238485B-D43B-42E2-AE8D-6EE5790CB605}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{9A6FDA7E-27D7-45F8-8192-71FF87F099F6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{9FBB6CE4-6D9A-46C0-9F44-E907F7ED79CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A17550BF-9949-43D5-94BF-8969B65E5EE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A9324A41-5C3E-4729-ABEA-BB1166D42831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AC22DDDB-ABF5-4054-84A9-A3C30FDD7B20}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{B9FB8E14-C17B-4C1F-B867-E40435A00313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CB5EA568-2DF1-426C-91BE-A2791B106193}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{D1089845-536B-4F00-B456-0F0551821569}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{DB9EA595-9769-4435-A662-D7AD0B6D6329}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{DD2A2C6C-C8C9-48D1-A1B0-57303F662869}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{DD3E584B-BF79-4266-AC72-14AC62268CC7}" = dir=in | app=c:\itunes\itunes.exe | 

"{DEBE0657-84DB-46E9-AAE5-60C98D865A8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{DECD30F1-09CE-4C4A-915F-BA18A46643D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{E53FE676-3212-4EF7-ABFA-71C80F7BABC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E9E324A2-0936-44CB-958B-588C08C624BB}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\srtool~1\dtuser.exe | 

"{EE3ECBA6-B08C-4C12-92D8-41F42E4D445B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 

"{FA7C3A6D-6ED3-4894-A276-AA5C7FCF7A6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"TCP Query User{175A9775-18B5-499F-850A-DACD0D211EB5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"TCP Query User{31217E38-C89C-48CA-856A-6D986AEE867C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"TCP Query User{448A4D01-04BF-45DE-BC71-D6B18C784FA9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

"UDP Query User{4EF07B70-FBB6-4CB2-B8EC-BB747B39570F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 

"UDP Query User{655AF68B-CC63-4542-84EA-76534E115BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{70B8D477-D557-4A2D-8139-6291FE55BB74}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{62478EFF-4C2D-7C34-3CE4-23E1CF4A53DD}" = ccc-utility64

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{76A9BB62-F6BC-83B7-B774-B4ED34009E62}" = AMD Fuel

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A08E9F7F-D07D-4029-973D-D9DB7DF4A285}" = Nitro Reader 2

"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2

"{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"Free PDF to Word Converter_is1" = Free PDF to Word Converter 5.1.0.383

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{12FCEE02-33A5-478A-A0B1-219E07BA0B47}" = MP3-Tag-Editor 3.10

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common

"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish

"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French

"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All

"{4D161755-840F-40E8-B0F4-DAB6D1A15978}" = Heja BVB 

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center

"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{CA142FB8-084F-4B22-BCC7-890B0F42A0DF}" = Maximized Software iCoverArt

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Album Art Downloader XUI" = Album Art Downloader XUI 0.43

"Album Cover Finder_is1" = Album Cover Finder v.7.1.3

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"avast" = avast! Free Antivirus

"Avira AntiVir Desktop" = Avira Free Antivirus

"CDex" = CDex - Open Source Digital Audio CD Extractor

"DMEXMENU" = DMEX Menu Extention (Uninstall only)

"ESET Online Scanner" = ESET Online Scanner v3

"Exact Audio Copy" = Exact Audio Copy 1.0beta3

"imeshtoolbar2" = Search-Results Toolbar

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000

"MediaMonkey_is1" = MediaMonkey 4.0

"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Native Instruments Controller Editor" = Native Instruments Controller Editor

"Native Instruments Service Center" = Native Instruments Service Center

"Native Instruments Traktor 2" = Native Instruments Traktor 2

"PROPLUS" = Microsoft Office Professional Plus 2007

"Security Task Manager" = Security Task Manager 1.8d

"SopCast" = SopCast 3.5.0

"TagScanner_is1" = TagScanner 5.1.607

"TreeSize Professional_is1" = TreeSize Professional V5.5.5

"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions

"WinLiveSuite" = Windows Live Essentials

"xp-AntiSpy" = xp-AntiSpy 3.98-1

"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 13.35

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2060105697-235347385-2913916759-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 21.10.2012 12:35:57 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren

 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

 

Error - 21.10.2012 12:36:01 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch

 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die

 letzten gültigen Indexwerte enthalten.

 

Error - 21.10.2012 12:52:39 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.10.2012 12:57:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.10.2012 13:03:05 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch

 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die

 letzten gültigen Indexwerte enthalten.

 

Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100

Description = 

 

Error - 21.10.2012 13:44:01 | Computer Name = derneuste-PC | Source = Bonjour Service | ID = 100

Description = 

 

Error - 21.10.2012 13:45:08 | Computer Name = derneuste-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 21.10.2012 13:48:38 | Computer Name = derneuste-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002

Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators

 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge

 ist "??A ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch

 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die

 letzten gültigen Indexwerte enthalten.

 

Error - 21.10.2012 16:07:27 | Computer Name = derneuste-PC | Source = Windows Backup | ID = 4104

Description = 

 

[ OSession Events ]

Error - 01.09.2012 10:38:49 | Computer Name = derneuste-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8265

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:49:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:54:37 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 25.10.2012 21:56:45 | Computer Name = derneuste-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 30.10.2012 13:32:14 | Computer Name = derneuste-PC | Source = WMPNetworkSvc | ID = 866300

Description = 

 

 

< End of report >