Hallo t'john,
ich habe den Scan mit OTL ausgeführt. Wie in der bebilderten Anleitung gezeigt, habe ich die LOP und Purity Prüfung angehakt.
Hier der Report OTL Code:
OTL logfile created on: 02.01.2013 11:49:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kay Schaarschmidt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219,88 Gb Total Space | 122,92 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
Computer Name: NEMESIS | User Name: Kay Schaarschmidt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kay Schaarschmidt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\SysWOW64\lktsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\SysWOW64\lkads.exe (National Instruments, Inc.)
PRC - C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files (x86)\Dassault Systemes\CATIA\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corp.)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments, Inc.)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)
SRV - (BBDemon) -- C:\Program Files (x86)\Dassault Systemes\CATIA\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV:64bit: - (NiViPciK) -- C:\Windows\SysNative\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV:64bit: - (NiViPxiK) -- C:\Windows\SysNative\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV:64bit: - (NiViFWK) -- C:\Windows\SysNative\drivers\NiViFWKl.sys (National Instruments Corporation)
DRV:64bit: - (nidimk) -- C:\Windows\SysNative\drivers\nidimkl.sys (National Instruments Corporation)
DRV:64bit: - (niorbk) -- C:\Windows\SysNative\drivers\niorbkl.sys (National Instruments Corporation)
DRV:64bit: - (nipalusbedl) -- C:\Windows\SysNative\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV:64bit: - (nipalfwedl) -- C:\Windows\SysNative\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV:64bit: - (NIPALK) -- C:\Windows\SysNative\drivers\nipalk.sys (National Instruments Corporation)
DRV:64bit: - (nipbcfk) -- C:\Windows\SysNative\drivers\nipbcfk.sys (National Instruments Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 2F BF 27 BE 40 CC 01 [binary data]
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3060216584-2411262382-2270724277-1001..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-3060216584-2411262382-2270724277-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3060216584-2411262382-2270724277-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EBF8CF7-866E-4C22-9F43-294A1754589C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.02 11:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kay Schaarschmidt\Desktop\OTL.exe
[2013.01.01 17:29:59 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.01 17:29:59 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.01 17:29:59 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.01 10:39:31 | 000,000,000 | ---D | C] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Malwarebytes
[2013.01.01 10:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.01 10:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.01 10:39:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.01 10:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.01 10:38:54 | 000,000,000 | ---D | C] -- C:\Users\Kay Schaarschmidt\AppData\Local\Programs
[2012.12.21 15:59:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.21 15:59:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.21 15:59:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.21 15:59:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.21 15:59:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.21 15:59:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.21 15:59:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.21 15:59:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.21 15:59:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.21 15:59:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.21 15:59:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.21 15:59:26 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.21 15:59:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.21 15:59:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.21 15:59:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.21 15:57:44 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.21 15:57:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 15:57:43 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.21 15:57:42 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.21 15:55:12 | 000,000,000 | ---D | C] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Avira
[2012.12.21 15:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.21 15:49:39 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.21 15:49:39 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.21 15:49:39 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.21 15:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.21 15:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.12.21 15:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.12.21 15:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.21 15:34:11 | 000,063,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.21 15:34:10 | 006,223,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.21 15:34:10 | 003,311,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.12.21 15:34:10 | 002,557,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.21 15:34:10 | 000,118,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.21 15:33:34 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.21 15:33:34 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.12.21 15:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.12.21 15:23:53 | 026,811,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.21 15:23:53 | 020,335,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.21 15:23:53 | 007,446,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.21 15:23:53 | 006,149,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.21 15:23:52 | 018,045,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.21 15:23:52 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.21 15:23:52 | 015,122,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.12.21 15:23:52 | 015,016,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.12.21 15:23:52 | 012,603,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.12.21 15:23:52 | 009,271,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.21 15:23:52 | 007,819,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.21 15:23:52 | 002,606,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.21 15:23:52 | 002,226,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.21 15:23:52 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.21 15:23:52 | 001,805,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.21 15:23:52 | 001,504,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.12.21 15:23:49 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.21 15:23:49 | 002,816,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.21 15:23:49 | 002,784,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.21 15:23:49 | 002,496,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.12.21 15:17:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.21 15:17:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.21 15:17:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.21 15:17:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.21 15:17:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.21 15:17:23 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.21 15:17:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.21 15:17:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.21 15:17:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.21 15:17:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.21 15:17:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.21 15:17:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.21 15:17:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.21 15:17:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.21 15:17:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.21 15:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.21 15:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.21 15:17:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.21 15:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.21 15:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.21 15:17:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.21 15:17:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.21 15:17:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.21 15:17:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.21 15:17:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.21 15:17:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.21 15:16:57 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.21 15:16:57 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
========== Files - Modified Within 30 Days ==========
[2013.01.02 11:45:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kay Schaarschmidt\Desktop\OTL.exe
[2013.01.02 11:27:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.02 09:20:37 | 000,026,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 09:20:37 | 000,026,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 09:18:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.02 09:18:24 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.02 09:18:24 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.02 09:18:24 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.02 09:18:24 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.02 09:13:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.01.02 09:12:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.02 09:12:44 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.31 16:33:57 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.29 23:21:46 | 000,183,820 | ---- | M] () -- C:\Users\Kay Schaarschmidt\Desktop\Kirchberger_Blitz_49.pdf
[2012.12.26 13:51:27 | 000,171,618 | ---- | M] () -- C:\Users\Kay Schaarschmidt\Desktop\Zwickauer Stadtmeisterschaft 2012.pdf
[2012.12.21 16:54:48 | 000,007,602 | ---- | M] () -- C:\Users\Kay Schaarschmidt\AppData\Local\Resmon.ResmonCfg
[2012.12.21 16:07:47 | 000,534,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.21 15:49:53 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 17:27:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 17:27:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.03 16:47:14 | 026,811,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.03 16:47:14 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.03 16:47:14 | 020,335,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.03 16:47:14 | 018,045,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.03 16:47:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.03 16:47:14 | 015,122,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.12.03 16:47:14 | 015,016,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.12.03 16:47:14 | 012,603,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.12.03 16:47:14 | 009,271,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.03 16:47:14 | 007,819,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.03 16:47:14 | 007,446,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.03 16:47:14 | 006,149,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.03 16:47:14 | 002,816,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.03 16:47:14 | 002,784,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.03 16:47:14 | 002,606,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.03 16:47:14 | 002,496,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.12.03 16:47:14 | 002,226,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.03 16:47:14 | 001,805,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.03 16:47:14 | 001,504,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.12.03 16:47:14 | 000,060,776 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.03 16:47:14 | 000,052,584 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.12.03 16:47:14 | 000,014,446 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.03 14:52:34 | 000,004,562 | ---- | M] () -- C:\Users\Kay Schaarschmidt\Desktop\Ti_Reflex.png
========== Files Created - No Company Name ==========
[2013.01.01 14:10:17 | 000,007,669 | ---- | C] () -- C:\Users\Kay Schaarschmidt\Desktop\Sources.xml
[2012.12.31 16:33:57 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.29 23:21:39 | 000,183,820 | ---- | C] () -- C:\Users\Kay Schaarschmidt\Desktop\Kirchberger_Blitz_49.pdf
[2012.12.26 13:51:26 | 000,171,618 | ---- | C] () -- C:\Users\Kay Schaarschmidt\Desktop\Zwickauer Stadtmeisterschaft 2012.pdf
[2012.12.21 16:54:48 | 000,007,602 | ---- | C] () -- C:\Users\Kay Schaarschmidt\AppData\Local\Resmon.ResmonCfg
[2012.12.21 15:49:53 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.21 15:23:52 | 000,014,446 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.03 14:52:31 | 000,004,562 | ---- | C] () -- C:\Users\Kay Schaarschmidt\Desktop\Ti_Reflex.png
[2011.07.13 18:35:05 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.13 18:35:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7420.DAT
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.12.08 08:41:46 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Autodesk
[2011.11.11 21:50:35 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\ChessBase
[2011.10.29 10:17:34 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\DAEMON Tools Pro
[2012.08.31 08:04:59 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\DassaultSystemes
[2012.06.08 06:33:18 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Dropbox
[2012.10.12 14:38:26 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\GORATEC
[2011.11.08 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Mathsoft
[2011.07.05 21:58:40 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\OpenCandy
[2012.01.29 22:41:25 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\pdfforge
[2012.07.15 15:10:33 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\TeamViewer
[2011.07.05 21:58:52 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\Uniblue
[2011.10.29 09:56:29 | 000,000,000 | ---D | M] -- C:\Users\Kay Schaarschmidt\AppData\Roaming\xplugin
========== Purity Check ==========
< End of report >
Und hier jetzt der Extra Report: Code:
OTL Extras logfile created on: 02.01.2013 11:49:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kay Schaarschmidt\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,12% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219,88 Gb Total Space | 122,92 Gb Free Space | 55,90% Space Free | Partition Type: NTFS
Computer Name: NEMESIS | User Name: Kay Schaarschmidt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FE9361-971B-489E-AB51-906D3319899E}" = lport=139 | protocol=6 | dir=in | app=system |
"{07525F23-337E-4FC8-BB63-D62771EF63AA}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B8CBBC8-0AB1-471C-A87B-49F39245EAE1}" = rport=139 | protocol=6 | dir=out | app=system |
"{10D36DBC-6D24-4BF0-8C58-7A487C148B05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E2336D1-49AD-4C25-A5B1-8885B8BAB7D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3B9BC37B-656E-4FAF-9683-7D58640D0255}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C7F0DFD-4B1B-475E-961F-5A04C7BCE91E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47AE421B-B314-48FA-B285-7135C4962F31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4858B10B-60EB-4409-B46F-7E775385A6C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{741503E4-B4C7-4046-8F92-B949149B75B3}" = lport=138 | protocol=17 | dir=in | app=system |
"{74935A75-12D1-449E-8321-99E14FF52329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B8ECCB1-3A98-477A-A602-AC97BBD36E6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8CF3756D-4228-49CB-9C7A-59B8B9880645}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E3BB8CA-0B33-4454-BD65-3B76B3334AAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F0A3BFD-D628-4FB7-B707-C9CDAC5BA0E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92061D59-96A9-4A8A-9A19-648F8BAEF3EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9D32B0A2-B6FE-4F91-8608-1B3D8D3124AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE9CD0D6-0748-4CB0-B196-78AC072F6D18}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0D9EF92-FEB6-4CA8-BD9F-212CAB6458B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5735DE0-8EC2-4721-B655-DC1DDAEC1DF4}" = rport=138 | protocol=17 | dir=out | app=system |
"{C9202093-465A-4D75-892B-82B88B127E6A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1CEC4A1-838C-41B0-831C-633058E81015}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DBFB30B9-5B7F-4B56-99E8-BDB739391F57}" = lport=30007 | protocol=17 | dir=in | name=xenics discover protocol |
"{EB041F07-A884-4A9A-90E4-83F0113F1835}" = lport=445 | protocol=6 | dir=in | app=system |
"{F7B0C3CC-7751-4839-93BF-5D106F992FD7}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{174EA3D5-64DE-4D32-A477-C1DEF6DE6D2A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1D6932E8-93E4-4267-B5BD-EDB4CE308603}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{1FF71AED-28B8-4C73-AFE4-A86087C278C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2977031C-33A7-4DFB-97A6-7483B23BD606}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3167DCF8-1939-403D-BA05-87A29A032C5E}" = protocol=17 | dir=in | app=c:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe |
"{3462E6A7-DA65-4566-BFB3-3B143E07C4C4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{358A59CB-CA0D-4033-9A1B-6FB01363CC54}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B3E0919-07D1-4358-A9F8-084E979BFFFC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{45D46371-A895-46D5-A0AD-2E2CA05C088C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A32FBE7-AA0C-4BCE-9612-FAD9E9105FD9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4ADF0330-12E7-4C25-9D96-4843B031023D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{550A7645-70A8-4AE1-B16D-F41324376308}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{66FCCA11-601B-4399-82A9-784DDF089DDD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6C76F587-9403-4D25-856D-8056FEBC09CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7DA50340-99B9-41B4-867F-FDA213DF3095}" = protocol=6 | dir=in | app=c:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F2B30A8-67A8-4009-8C1F-AE9975B63190}" = protocol=6 | dir=out | app=system |
"{8335EA5C-5AAE-4D65-850D-2525162842D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FF7B1D6-8146-41DF-8533-3CB217147682}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9518E027-C850-4BAF-9B73-4F6E4AB4BF61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{95F87C34-59EB-4D80-9189-B55BA2126411}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B247DFE-909A-467A-BEAA-6D4363D6DD41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3221A11-CA95-4F33-8088-0027BB5543B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4D56C18-EF0D-4AE8-9855-70C66AAD9DC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB2AA8DF-B6F4-4D22-B03D-B5A7EAAD6109}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE52F3E6-3585-445C-8CC4-2B12326015D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2CA0007-BFB2-44D8-8391-F8A0AE05B9DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C70C9D78-1FB5-4BC7-814E-AE41609E67F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDDCB51D-E581-4388-B463-06BC5B5F595C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{D05A6F11-E72E-46CC-9EEE-0B11C9E4E19B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{D3539B63-632E-4B3F-9BB7-0019ADB029E0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D75E9EB5-B322-400B-BF54-E85E05648466}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E7079A62-DB57-4293-BF42-01104E25770C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E87650BE-B929-415C-BCA9-C9F450E8A13B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA8E4ABB-B86F-4F66-B989-AB76CFF23FA9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{17A966DD-F574-4E66-BC78-0A2C163426A7}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{23D78C94-32FB-4820-BA5A-3831F6520344}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe |
"TCP Query User{2476FBCB-5426-44D0-A44B-C3C2466E2092}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{31158C1C-1A67-4D0D-BC5C-1468ED4E83A0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5682D174-E053-4F85-9EDE-4CB44AF5B2F3}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{57F38220-0715-4CEB-AEAB-6207F2FD4F9D}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{8353BC86-0297-4550-8678-CFFF0FC9733B}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe |
"TCP Query User{AE61E2C9-EE49-4DD0-8186-3B1E777604BD}C:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C5ACC653-A24B-4CBC-A5C3-6EA5C9CDBA2E}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{E233AC37-D502-482D-8B26-50B2AB421AC3}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{EE5971DC-4C35-430D-A11F-DA73112BC352}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{F5C7DDF9-5BB9-4DAA-82E5-E78F2A2BE34A}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{F79E09A9-DC62-4B13-BD89-C6AA1D932481}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"TCP Query User{FE78F49C-B691-4B65-8D67-33A988EE79E7}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\orbixd.exe |
"UDP Query User{203DE447-682B-4897-AD31-1587C7841DC6}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{3180E508-FFD3-483D-AFC8-DCB875DC8BBA}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{3CF2CEEC-934D-4E6C-BF73-D2B7FB101CAC}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe |
"UDP Query User{3DA3785B-2D7B-4F2E-B43E-58B8ECB9252D}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\cnext.exe |
"UDP Query User{41408FBA-7CF6-459F-8B26-562E14386664}C:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kay schaarschmidt\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{452143EC-B837-4518-A21D-1322C90AC5C9}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{5D0B1BBD-0A6A-4C76-BEF4-BEBCBAFA265C}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{6A20AA81-3421-4736-84C2-7247E26A8736}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{8768CF5B-268A-4207-B6D2-E62B4C2F697E}C:\program files (x86)\dassault systemes\catia\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\catia\intel_a\code\bin\orbixd.exe |
"UDP Query User{8F9E66A1-66A9-48A9-B649-A7CE5903995E}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{99E4198B-13EE-4C64-894B-9C8D2C40C3F4}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{AE7F1CA4-560A-4B1B-B25B-A999B3B25BB9}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{D21D6342-FCEE-47F3-B417-66936CAD66B8}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"UDP Query User{F7B92F06-3820-4B52-ACE2-42F5976E1521}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch
"{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7FA96ABF-DFEA-4610-A89B-BBA8969A3493}" = NI VC2005MSMs x64
"{8B32610C-ADE1-49C1-BB38-3354900DC36C}" = NI-ORB 1.6.0f0 for 64 Bit Windows
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90274FD7-0757-4F44-94C5-994FDB93B8ED}" = NI-PAL 2.0.0f0 for 64 Bit Windows
"{9077436C-73C8-41B8-BF12-C35E7C0CB3D5}" = NI-VISA x64 support 4.1
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF99B488-D510-4463-9DB8-C7FFB47858F0}" = NI-DIM 1.6.0f0 for 64 Bit Windows
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows-Treiberpaket - FTDI CDM Driver Package (10/22/2009 2.06.00)
"AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0144F682-8DB9-4B58-8B4E-67696C76A206}" = 800_Multi_Software
"{1BE08195-5CFE-41D5-B224-940EF06B9BCE}" = NI-PAL 2.0.0f0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 10
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{4753C016-031E-44C6-AFA1-0B01575FE1EC}" = AMPROBE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7
"{67DFA904-E2FE-4970-90B9-6218DFF1CE90}" = NI-DIM 1.6.0f0
"{6B3AD61D-3836-4792-95AA-DB63DDC5B008}" = NI-ORB 1.6.0f0
"{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020
"{8B073FE8-ED47-439E-94A9-68C1B8242FC1}" = NI-RPC 3.3.1f0
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8BBA31C1-6FEB-4f66-B21A-8CE5DB6E1948}_is1" = GORATEC Thermography Studio v5.1.0.914
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PRJPROR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A225C44C-0C31-4A45-B97F-B308212EA79A}" = NI Certificates Deployment Support
"{A5CE71BF-D4B2-4D29-B6EA-BC28AA9F4DD1}" = NI-VISA Runtime 4.1
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator
"{BFEA2222-557D-4F0D-B1AE-64EECBCA2747}" = NI VC2005MSMs x86
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NI Uninstaller" = National Instruments-Software
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Xeneth SDK" = Xeneth SDK 2.1.0.889
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3060216584-2411262382-2270724277-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.07.2012 09:39:24 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 11.07.2012 10:41:01 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 12.07.2012 04:26:17 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 12.07.2012 05:47:44 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 15.07.2012 09:43:13 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 15.07.2012 10:42:20 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17.07.2012 02:57:25 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.07.2012 02:05:26 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.07.2012 02:16:36 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.07.2012 17:39:30 | Computer Name = Nemesis | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 01.01.2013 05:21:47 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:21:47 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:23:45 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:23:45 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:23:45 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:40:35 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:40:35 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 05:40:35 | Computer Name = Nemesis | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.01.2013 09:04:32 | Computer Name = Nemesis | Source = DCOM | ID = 10010
Description =
Error - 02.01.2013 05:23:58 | Computer Name = Nemesis | Source = bowser | ID = 8003
Description =
< End of report >
Kannst du mir erklären, was diese vielen Error Meldungen in den System Events zu bedeuten haben? Etwas beunruhigend für mich ist, dass ich am 1.1 und 2.1. nicht 5:40 am Laptop war, als sie aufgetreten zu sein scheinen.
Ich hatte während der Infektion und danach keines meiner USB Geräte angeschlossen, bitte gib mir Bescheid wenn ich sie dennoch jetzt beim scannen anschließen sollte. Ich hatte eben die Befürchtung meine "gesunden" alten Daten mit dem Trojaner zu ruinieren. |
AdwCleaner auf deinen Desktop.