| Garfield2704 | 18.02.2013 01:44 |
Hallo Leo,
jetzt streikt mein Netbook, es ist wie verhext. Ist extrem langsam und hängt ständig. So probiere ich es jetzt vom PC aus. Den Explorer kann ich nicht starten, komme über Umwegen ins Internet (HP von Emsisoft).
Ich weiß jetzt auch wieder, was D: war. Ich hatte eine externe Festplatte angeschlossen, die partitioniert war. Die Festplatte war ü´´ber einen Datenhafen angeschlossen, ich hatte sie gestern vom PC getrennt.
Die Festplatte wird jetzt wieder erkannt, allerdings haben die Dateien nur Fragmente ("Kauderwelsch") als Namen. Die Partitionen sind auch nicht mehr da.
Wie soll ich mich da verhalten? Muss ich die Programme noch mal laufen lassen??
Ansonsten erst einmal die Logfiles.
GMER Code:
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-17 22:44:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000055 WDC_WD50 rev.01.0 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\Bille\AppData\Local\Temp\uwloqpod.sys
---- System - GMER 2.1 ----
SSDT 90E10226 ZwCreateSection
SSDT 90E10230 ZwRequestWaitReplyPort
SSDT 90E1022B ZwSetContextThread
SSDT 90E10235 ZwSetSecurityObject
SSDT 90E1023A ZwSystemDebugControl
SSDT 90E101C7 ZwTerminateProcess
INT 0x51 ? 8545EC88
INT 0x52 ? 88B95C88
INT 0x92 ? 8545DC88
INT 0xA2 ? 8545EC88
INT 0xA3 ? 88B95C88
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 832C88D8 4 Bytes [26, 02, E1, 90] {ADD AH, CL; NOP }
.text ntkrnlpa.exe!KeSetEvent + 539 832C8BFC 4 Bytes [30, 02, E1, 90] {XOR [EDX], AL; LOOPZ 0xffffff94}
.text ntkrnlpa.exe!KeSetEvent + 56D 832C8C30 4 Bytes [2B, 02, E1, 90] {SUB EAX, [EDX]; LOOPZ 0xffffff94}
.text ntkrnlpa.exe!KeSetEvent + 5D1 832C8C94 4 Bytes [35, 02, E1, 90]
.text ntkrnlpa.exe!KeSetEvent + 619 832C8CDC 4 Bytes [3A, 02, E1, 90] {CMP AL, [EDX]; LOOPZ 0xffffff94}
.text ...
.text kdcom.dll!KdSendPacket 80402041 80 Bytes [0E, 83, C0, 02, 83, C2, 02, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 6 80402092 4 Bytes [57, 33, C0, 33]
.text kdcom.dll!KdDebuggerInitialize0 + B 80402097 41 Bytes [6A, 62, 66, 89, 45, 98, 8D, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 35 804020C1 34 Bytes [57, FF, 15, AC, 12, 40, 80, ...]
.text kdcom.dll!KdDebuggerInitialize0 + 58 804020E4 81 Bytes [2B, D6, 3B, 51, 14, 0F, 87, ...]
.text kdcom.dll!KdDebuggerInitialize0 + AA 80402136 41 Bytes [8B, C7, 2B, C6, 50, 8D, 85, ...]
.text kdcom.dll!KdRestore + 4 80402160 53 Bytes [5D, 08, BE, 1C, 13, 40, 80, ...]
.text kdcom.dll!KdRestore + 3A 80402196 98 Bytes [15, B0, 12, 40, 80, 59, 59, ...]
.text kdcom.dll!KdRestore + 9E 804021FA 60 Bytes [10, 46, 81, C7, AC, 00, 00, ...]
.text kdcom.dll!KdRestore + DB 80402237 11 Bytes [00, 6A, 64, 8D, 45, 98, 6A, ...]
.text kdcom.dll!KdRestore + E8 80402244 64 Bytes [00, 83, C4, 18, 33, C0, 85, ...]
.text ...
.text kdcom.dll!KdReceivePacket + 2D 8040231B 16 Bytes [00, 00, 83, 7D, F0, 14, 72, ...]
.text kdcom.dll!KdReceivePacket + 3E 8040232C 6 Bytes [00, 74, A9, 83, 7B, 04] {ADD [ECX+EBP*4-0x7d], DH; JNP 0xa}
.text kdcom.dll!KdReceivePacket + 45 80402333 8 Bytes [74, 73, 8B, 73, 10, 8B, 4D, ...] {JZ 0x75; MOV ESI, [EBX+0x10]; MOV ECX, [EBP+0x8]}
.text kdcom.dll!KdReceivePacket + 4E 8040233C 66 Bytes [3B, 03, F1, C7, 43, 04, 37, ...]
.text kdcom.dll!KdReceivePacket + 91 8040237F 79 Bytes CALL 80402084 \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation)
.text ...
.text kdcom.dll!KdSendPacket + 78 804025DE 25 Bytes [74, 69, 6E, 65, 00, 00, 8B, ...]
.text kdcom.dll!KdSendPacket + 92 804025F8 145 Bytes [5F, 02, 49, 6F, 52, 65, 67, ...]
.text kdcom.dll!KdSendPacket + 124 8040268A 51 Bytes [E7, 05, 52, 74, 6C, 49, 6D, ...]
.text kdcom.dll!KdSendPacket + 158 804026BE 14 Bytes [1F, 08, 5F, 73, 74, 72, 69, ...]
.text kdcom.dll!KdSendPacket + 167 804026CD 89 Bytes [78, 41, 6C, 6C, 6F, 63, 61, ...]
.text ...
? System32\Drivers\spqf.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8919641B 5 Bytes JMP 88B951D8
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E204000, 0x37D761, 0xE8000020]
---- User code sections - GMER 2.1 ----
[SIZE="4"] Code:
OTL logfile created on: 17.02.2013 22:59:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bille\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,33% Memory free
4,24 Gb Paging File | 2,12 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,31 Gb Total Space | 20,81 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 3,68 Gb Free Space | 98,65% Space Free | Partition Type: FAT32
Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Z: | 19,99 Gb Total Space | 9,42 Gb Free Space | 47,14% Space Free | Partition Type: FAT32
Computer Name: BILLE-PC | User Name: Bille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.17 22:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe
PRC - [2013.02.16 15:14:21 | 003,089,320 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2013.02.16 15:14:20 | 003,365,288 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.08 20:48:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:11:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:11:22 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 18:11:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.02.16 12:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011.01.26 23:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database_146bec2\bin\FABS.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.26 23:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2008.10.22 11:50:44 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.02.16 15:14:21 | 003,089,320 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 18:11:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 18:11:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.16 12:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database_146bec2\bin\FABS.exe -- (Fabs)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database_146bec2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 18:11:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:11:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2012.04.30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011.12.19 01:12:06 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011.01.27 00:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.01.26 23:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 13:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.19 13:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes,DefaultScope = {CDE97567-36EB-4070-AAE2-54FEF0C2AC45}
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes\{C311C248-D7DE-4619-BBA2-271264ECF7E9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes\{CDE97567-36EB-4070-AAE2-54FEF0C2AC45}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bille\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.14 12:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.10 13:59:20 | 000,000,000 | ---D | M]
[2011.04.21 21:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions
[2009.12.20 23:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.21 21:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.)
O2 - BHO: (YouTubeAnywhere) - {8015C430-448C-4003-A969-274F7F0F2D9C} - C:\Users\Bille\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll (Diego Casorran)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003..\Run: [Ukdukacai] C:\Users\Bille\AppData\Roaming\Nyvu\quysa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office2010.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game12.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll (Flatcast Viewer 5.2)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A3DA5D-A255-433F-B7F2-AAFE2114A660}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A61B71-A20C-4746-B4CF-C06B9B0AABE0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [1998.10.03 14:11:18 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{404eed46-d57b-11dc-bf8c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{404eed46-d57b-11dc-bf8c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007.11.15 21:13:32 | 000,143,480 | R--- | M] (MatchWare A/S)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.17 22:57:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe
[2013.02.16 20:50:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.16 20:50:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.16 20:50:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.16 20:50:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.16 20:50:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.16 20:50:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.16 20:50:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.16 20:50:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Penou
[2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Nyvu
[2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Ciuze
[2013.02.16 15:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013.02.16 14:15:43 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.16 14:15:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013.02.16 14:15:13 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.16 14:15:13 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.16 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013.02.16 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\Bille\Documents\Anti-Malware
[2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Xatah
[2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Unfiho
[2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Oqky
[2013.02.11 20:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2013.02.11 14:28:29 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2013.02.09 20:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.09 20:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.09 20:54:32 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.02.09 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.02.03 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.03 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.02.22 01:38:14 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.17 22:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe
[2013.02.17 22:47:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.17 22:47:05 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.02.17 22:47:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 22:47:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 22:47:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\UpdateDetector.job
[2013.02.17 22:46:59 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.17 22:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.17 22:44:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 20:42:24 | 276,546,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.17 20:22:27 | 000,374,784 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\GMER_2.1.18952.exe
[2013.02.17 09:50:14 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.17 09:50:14 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.17 09:50:14 | 000,130,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.17 09:50:14 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 20:58:51 | 000,585,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.16 15:07:50 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.02.11 21:07:57 | 000,001,447 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\System Repair.lnk
[2013.02.11 14:32:00 | 000,000,160 | ---- | M] () -- C:\ProgramData\-WnoFQbjneGr
[2013.02.11 14:32:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\-WnoFQbjneG
[2013.02.11 14:31:49 | 000,000,088 | ---- | M] () -- C:\ProgramData\WnoFQbjneG
[2013.02.10 11:01:45 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.10 11:01:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.02 11:55:25 | 000,055,808 | ---- | M] () -- C:\Users\Bille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.23 22:12:43 | 000,001,916 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.fdf
[2013.01.20 21:13:20 | 000,835,876 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf
[2013.01.20 20:49:41 | 000,056,438 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\Päckchen.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.17 20:22:27 | 000,374,784 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\GMER_2.1.18952.exe
[2013.02.17 16:08:36 | 276,546,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.16 15:07:50 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013.02.11 14:28:29 | 000,001,447 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\System Repair.lnk
[2013.02.11 11:34:56 | 000,000,160 | ---- | C] () -- C:\ProgramData\-WnoFQbjneGr
[2013.02.11 11:34:56 | 000,000,152 | ---- | C] () -- C:\ProgramData\-WnoFQbjneG
[2013.02.11 11:34:54 | 000,000,088 | ---- | C] () -- C:\ProgramData\WnoFQbjneG
[2013.02.09 20:54:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.09 20:54:47 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.09 20:54:46 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.09 20:54:37 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.23 22:12:43 | 000,001,916 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.fdf
[2013.01.20 21:13:19 | 000,835,876 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf
[2013.01.20 20:49:38 | 000,056,438 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\Päckchen.JPG
[2012.10.31 20:26:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.16 22:36:37 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2012.05.30 22:16:07 | 000,002,277 | ---- | C] () -- C:\Users\Bille\.recently-used.xbel
[2012.02.09 20:04:53 | 000,000,569 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.17 15:59:41 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.26 22:12:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.10 14:38:57 | 000,008,296 | ---- | C] () -- C:\Users\Bille\AppData\Local\d3d9caps.dat
[2010.12.03 20:55:29 | 000,019,456 | ---- | C] () -- C:\Users\Bille\AppData\Local\WebpageIcons.db
[2010.10.24 19:58:27 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.10.24 19:58:26 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.02 07:20:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.22 23:33:15 | 000,047,148 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\mdbu.bin
[2008.07.10 11:36:34 | 000,000,052 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\Default.PLS
[2008.04.01 12:58:16 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.05 21:53:19 | 000,055,808 | ---- | C] () -- C:\Users\Bille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.04 23:16:10 | 000,007,962 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\wklnhst.dat
[2008.02.07 14:06:59 | 000,000,093 | ---- | C] () -- C:\Users\Bille\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
EXTRAS Code:
OTL Extras logfile created on: 17.02.2013 22:59:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bille\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,33% Memory free
4,24 Gb Paging File | 2,12 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,31 Gb Total Space | 20,81 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 3,68 Gb Free Space | 98,65% Space Free | Partition Type: FAT32
Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Z: | 19,99 Gb Total Space | 9,42 Gb Free Space | 47,14% Space Free | Partition Type: FAT32
Computer Name: BILLE-PC | User Name: Bille | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{074A4BFC-19C2-4E5D-8397-2D1C64EED1BA}" = MAGIX Screenshare
"{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional
"{08A159A1-84A8-4FA7-9319-A7F8D3DBB2BF}" = MAGIX Speed burnR (MSI)
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FBAFFD8-BCBA-4631-97E8-433DE7D1D753}" = Garmin MapInstall
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{219BB7DF-83BA-44C6-A362-D17981FBD285}" = GPS Information
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09
"{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English
"{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01
"{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007
"{3B91165A-8616-4C84-A5F3-897B395791F3}" = Show what you know 4
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese
"{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French
"{4CF29999-1BB0-42B2-99BB-3A34507F9E3B}" = Steuer Update 15.01
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{679DDC2F-290E-48E0-B6D3-6972A0A09554}" = Iminent
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{6800642C-2440-4B02-8F88-9F9E3F409E7B}" = Schulberichtsmanager 11
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{8C8E10C4-ACE6-424A-87E6-4B2C4A9607DC}" = MAGIX Fotos auf CD & DVD 10 Deluxe
"{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}" = PdfGrabber 4.0
"{8F25DADA-F618-4D78-8009-256F8110014A}" = Steuer Update 14.01
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_XWeb_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_XWeb_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0407-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (German)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_XWeb_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E13CA8F-3AB9-4acb-81E8-0660D07496D4}" = Canon MP750
"{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch
"{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010
"{C9A19950-2341-4BA8-8CBD-E9DBF097D638}" = MAGIX Slideshow Maker 2
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D95A0957-F389-C180-9660-B48E41FD83D4}" = ATI Catalyst Install Manager
"{DE9069FA-EF9E-25CD-67E7-0242935CCD49}" = HydraVision
"{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53A6BF7-F720-4354-9EFA-F8E5269B70A4}" = EasyHtml
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs
"{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All
"{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE33F0E4-33DD-E7E9-78CB-507306FD0463}" = Catalyst Control Center InstallProxy
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Foto Service D" = ALDI Foto Service
"ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo GetBack Photo_is1" = Ashampoo GetBack Photo v.1.0.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Beurteilungs-Manager_is1" = Beurteilungs-Manager - Deinstallation
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"dradio-Recorder_is1" = dradio-Recorder Version 3.01.6
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Encarta98D" = Microsoft Encarta 98 Enzyklopädie
"etope Lister_is1" = 1.36
"File Recover_is1" = File Recover 7.0
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"FileZilla Client" = FileZilla Client 3.1.5
"FKC22150706_is1" = fotokasten comfort
"Fotosizer" = Fotosizer 1.29
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"hotpot_is1" = HotPotatoes v 6.3.0.3
"IMBoosterARP" = Iminent
"IncrediMail" = IncrediMail 2.0
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"IrfanView" = IrfanView (remove only)
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Linotype FontExplorer X_is1" = Linotype FontExplorer X Public Beta
"MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX Fotos auf CD & DVD 10 Deluxe
"MAGIX_MSI_Slideshow_Maker_2" = MAGIX Slideshow Maker 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MP Navigator 1.0" = Canon MP Navigator 1.0
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFCreator Toolbar" = PDFCreator Toolbar
"PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo
"PDFzuWord Professional_is1" = PDFzuWord Professional
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"PL Notebook Kompakt" = PL NB Kompakt
"POP3Notify" = POP3Notify
"QueTek File Scavenger 3.2 (de)" = File Scavenger 3.2 (de)
"Radfahrprüfung2" = Radfahrprüfung2
"RAMRush_is1" = RAMRush 1.0.6.917
"RealPlayer 6.0" = RealPlayer
"Recover My Photos_is1" = Recover My Photos
"Recuva" = Recuva
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Schriftenbibliothek_is1" = Schriftenbibliothek
"Schulschriften Demoversion_is1" = Schulschriften
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Wise Data Recovery_is1" = Wise Data Recovery 3.14
"XWeb" = Microsoft Expression Web 2 Trial
"Zattoo4" = Zattoo4 4.0.5
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
"Zeugnismaster XP" = Zeugnismaster XP
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.02.2013 15:07:20 | Computer Name = Bille-PC | Source = System Restore | ID = 8209
Description =
Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 488
Description = WinMail (5388) WindowsMail0: Versuch, Datei "C:\Users\Bille\AppData\Local\Microsoft\Windows
Mail\WindowsMail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 217
Description = WinMail (5388) WindowsMail0: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\Bille\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 215
Description = WinMail (5388) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 16.02.2013 09:01:56 | Computer Name = Bille-PC | Source = Avira Antivirus | ID = 4109
Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9
Error - 16.02.2013 19:28:03 | Computer Name = Bille-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18646, Zeitstempel
0x4fd23a92, Ausnahmecode 0xc0000005, Fehleroffset 0x0003f2b0, Prozess-ID 0x250,
Anwendungsstartzeit 01ce0c8eb4bee9b6.
Error - 17.02.2013 08:02:12 | Computer Name = Bille-PC | Source = System Restore | ID = 8193
Description =
Error - 17.02.2013 08:02:12 | Computer Name = Bille-PC | Source = System Restore | ID = 8210
Description =
Error - 17.02.2013 15:52:56 | Computer Name = Bille-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GMER_2.1.18952.exe, Version 2.1.18952.0, Zeitstempel
0x511bf088, fehlerhaftes Modul GMER_2.1.18952.exe, Version 2.1.18952.0, Zeitstempel
0x511bf088, Ausnahmecode 0xc0000005, Fehleroffset 0x00012278, Prozess-ID 0x5e0,
Anwendungsstartzeit 01ce0d4810c84ed0.
Error - 17.02.2013 15:58:04 | Computer Name = Bille-PC | Source = Perflib | ID = 1010
Description =
[ Media Center Events ]
Error - 17.04.2008 15:23:16 | Computer Name = Bille-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
Error - 04.01.2012 16:52:40 | Computer Name = Bille-PC | Source = ehRecvr | ID = 4
Description =
[ OSession Events ]
Error - 09.11.2008 05:07:37 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.4518.1088. This session lasted 190
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.01.2009 18:50:23 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4528
seconds with 480 seconds of active time. This session ended with a crash.
Error - 29.04.2009 09:43:11 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.05.2009 12:05:51 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1046
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.06.2009 10:00:09 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2535
seconds with 480 seconds of active time. This session ended with a crash.
Error - 16.09.2009 03:11:11 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 897
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.10.2009 06:38:02 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10997
seconds with 1320 seconds of active time. This session ended with a crash.
[ Spybot - Search and Destroy Events ]
Error - 09.02.2013 18:28:37 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 11.02.2013 15:35:21 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 11.02.2013 17:50:03 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 17.02.2013 17:47:14 | Computer Name = Bille-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker An OneNote 2010 senden nicht unter
dem Namen An OneNote 2010 senden freigeben. Fehler: 1753. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.02.2013 17:50:27 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 17.02.2013 17:51:11 | Computer Name = Bille-PC | Source = WMPNetworkSvc | ID = 866293
Description =
< End of report >
Ich hoffe, dieses Mal klappt das Hochladen.
Viele Grüße
Garfield2704 |
