Trojaner-Board


jonny_deluxe 10.04.2013 21:06

mydirtyhobby-gmbh .... opened attachment from spam mail
 
Like one or another fellow sufferer, I too just received an e-mail from the

Finanzabteilung MyDirtyHobby GmbH

with an MS-DOS application attached, named "rechnung...."

I opened it, and now ....... good question, what happens next?

cosinus 11.04.2013 09:38

Hello and :hallo:

Do you have any other logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I'm asking because => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

jonny_deluxe 11.04.2013 12:35

So at the moment I'm online with my notebook. My desktop stays off until I have time to tackle the problem (exam period at the moment).


Unfortunately I don't know what logs are (I'm unfortunately not an expert).

And currently I have AntiVir. It did not react at all during the whole thing.

cosinus 11.04.2013 12:45

Maybe you could read my post and the article I linked in full?

jonny_deluxe 12.04.2013 13:37

I read through it and found that my AntiVir interface (see picture) is not identical to the one in your guide. I don't know how to find the logs on MINE.

http://i45.tinypic.com/jjmbzr.jpg

SORRY, I looked again and found the section. However, there is nothing in it.

http://i45.tinypic.com/14agdau.jpg

cosinus 12.04.2013 14:25

Huge difference? :wtf:
Surely you can export the detections!

http://img.trojaner-board.de/alle-lo...-alle-logs.png

jonny_deluxe 16.04.2013 14:01

Honestly, I don't know what I'm supposed to do.

You do say "don't run any further scans".

And if I now follow your directions in AntiVir and
set the filter to [alle] [fund], there are no logs there (see screenshot).

Should I scan now and look again?

cosinus 17.04.2013 09:12

Quote:

You do say "don't run any further scans".
And you shouldn't. Instead, export the existing results. Just read the linked notes.

jonny_deluxe 18.04.2013 15:33

The day before yesterday I looked in the events folder. There were no detections listed there.

After that I ran AntiVir.

You can see the following result below.

Quote:

Exportierte Ereignisse:

16.04.2013 23:15 [Scanner] Malware gefunden
Die Datei 'C:\Users\Philip
xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5d636d77-1a3d8bd8'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.1379' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1d2569fc.qua'
verschoben!

16.04.2013 23:15 [Scanner] Malware gefunden
Die Datei 'C:\Users\Philip xxx\Desktop\Downloads\MyDirtyHobby GmbH
10.04.2013 Abrechnung.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Fukjoor.B' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f683328.qua'
verschoben!

16.04.2013 23:15 [Scanner] Malware gefunden
Die Datei 'C:\Users\Philip
xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5fe3888d-685bb95e'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0840.HF'
[exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7b63263c.qua'
verschoben!

16.04.2013 23:15 [Scanner] Malware gefunden
Die Datei 'C:\Users\Philip
xxx\AppData\Local\Temp\plugtmp-7\plugin-pussycatcasanova.pdf'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Pidief.aag.36' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3ed70b08.qua'
verschoben!

16.04.2013 23:15 [Scanner] Malware gefunden
Die Datei 'C:\Users\Philip xxx\Desktop\Downloads\MyDirtyHobby GmbH
10.04.2013 Abrechnung\Rechnung 10.04.2013 MyDirtyHobby.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Fukjoor.B' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '579e1cb3.qua'
verschoben!

16.04.2013 15:24 [Scanner] Malware gefunden
Die Datei
'C:\$Recycle.Bin\S-1-5-21-744407795-3100791593-3173924299-1000\$R8R1H07\Rechnung
10.04.2013 MyDirtyHobby.com'
enthielt einen Virus oder unerwünschtes Programm 'TR/Fukjoor.B' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57d1f35a.qua'
verschoben!

16.04.2013 15:20 [Guard] Malware gefunden
In der Datei
'C:\$Recycle.Bin\S-1-5-21-744407795-3100791593-3173924299-1000\$R8R1H07\Rechnung
10.04.2013 MyDirtyHobby.com'
wurde ein Virus oder unerwünschtes Programm 'TR/Fukjoor.B' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern




I hope this helps now.

cosinus 18.04.2013 23:23

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • The logs of the requested tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

jonny_deluxe 23.04.2013 20:11

OTL Logfile:
OTL EXTRAS Logfile:
Code:

otl logfile created on: 23.04.2013 20:16:41 - run 1
otl by oldtimer - version 3.2.69.0    folder = c:\users\philip xxx\desktop\downloads
64bit- home premium edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 8.0.7601.17514)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy
 
4,00 gb total physical memory | 1,42 gb available physical memory | 35,58% memory free
7,99 gb paging file | 4,19 gb available in paging file | 52,47% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files (x86)
drive c: | 465,67 gb total space | 344,75 gb free space | 74,03% space free | partition type: Ntfs
drive d: | 39,58 gb total space | 0,00 gb free space | 0,00% space free | partition type: Udf
drive f: | 465,76 gb total space | 351,45 gb free space | 75,46% space free | partition type: Ntfs
 
computer name: Philipxxx | user name: Philip xxx | logged in as administrator.
Boot mode: Normal | scan mode: All users | include 64bit scans
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 30 days
 
========== processes (safelist) ==========
 
prc - c:\users\philip xxx\desktop\downloads\otl.exe (oldtimer tools)
prc - c:\program files (x86)\mozilla firefox\firefox.exe (mozilla corporation)
prc - c:\program files (x86)\google\chrome\application\chrome.exe (google inc.)
prc - c:\windows\syswow64\macromed\flash\flashplayerplugin_11_6_602_180.exe (adobe systems, inc.)
prc - c:\program files (x86)\mcafee security scan\3.0.318\ssscheduler.exe (mcafee, inc.)
prc - c:\program files (x86)\lavasoft\ad-aware\aawtray.exe (lavasoft limited)
prc - c:\program files (x86)\lavasoft\ad-aware\aawservice.exe (lavasoft limited                                                  )
prc - c:\users\philip xxx\appdata\local\akamai\netsession_win.exe (akamai technologies, inc.)
prc - c:\program files (x86)\adobe\reader 9.0\reader\acrord32.exe (adobe systems incorporated)
prc - c:\program files (x86)\remote control server\remote control server.exe (steppschuh)
prc - c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe (cyberlink)
prc - c:\program files (x86)\cyberlink\powerdvd12\kernel\dmp\clhnserver\clhnserviceforpowerdvd12.exe (cyberlink corp.)
prc - c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsmonitorservicepdvd12.exe (cyberlink)
prc - c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe (cyberlink)
prc - c:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh)
prc - c:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh)
prc - c:\program files (x86)\divx\divx update\divxupdate.exe ()
prc - c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe (renesas electronics corporation)
prc - c:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh)
prc - c:\program files (x86)\htc\htc sync 3.0\htcupctloader.exe ()
prc - c:\program files (x86)\htc\internet pass-through\passthrusvr.exe ()
prc - c:\program files (x86)\openoffice.org 3\program\soffice.bin (openoffice.org)
prc - c:\program files (x86)\openoffice.org 3\program\soffice.exe (openoffice.org)
prc - c:\program files (x86)\ati technologies\hydravision\hydradm.exe (amd)
prc - c:\program files (x86)\cyberlink\shared files\brs.exe (cyberlink)
prc - c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe (cyberlink corp.)
prc - c:\program files (x86)\spybot - search & destroy\teatimer.exe (safer networking limited)
prc - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe (safer networking ltd.)
 
 
========== modules (no company name) ==========
 
mod - c:\program files (x86)\mozilla firefox\mozjs.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\pepperflash\pepflashplayer.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\pdf.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\libglesv2.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\libegl.dll ()
mod - c:\program files (x86)\google\chrome\application\26.0.1410.64\ffmpegsumo.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.runtime.remo#\ba58d64562391191a22ad0133512ed6f\system.runtime.remoting.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.visualbas#\b9fe069cd0848273acf2ef4468bc1838\microsoft.visualbasic.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\39f4c7717661667c68f9af8c4f6402b9\system.windows.forms.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\27dcf04ed7a3506045597c02a5a1fc31\system.core.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\43cd41484df96d15df949eb17dd88152\system.xml.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\b573c6a62bb88df0ee2af59b6a8ca910\system.drawing.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system\15872842e3e63ddf0f720f406706198e\system.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\system.configuration.ni.dll ()
mod - c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
mod - c:\windows\syswow64\macromed\flash\npswf32_11_6_602_180.dll ()
mod - c:\program files (x86)\adobe\reader 9.0\reader\rdlang32.deu ()
mod - c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\clnetmediadma.dll ()
mod - c:\program files (x86)\divx\divx update\divxupdatecheck.dll ()
mod - c:\program files (x86)\divx\divx update\divxupdate.exe ()
mod - c:\progra~2\common~1\micros~1\office14\cultures\office.odf ()
mod - c:\program files (x86)\htc\htc sync 3.0\sqlite3.dll ()
mod - c:\program files (x86)\htc\htc sync 3.0\htcdetect.dll ()
mod - c:\program files (x86)\htc\htc sync 3.0\htcupctloader.exe ()
mod - c:\program files (x86)\htc\htc sync 3.0\htcdisk.dll ()
mod - c:\program files (x86)\htc\htc sync 3.0\htcdetectlegend.dll ()
mod - c:\program files (x86)\htc\htc sync 3.0\fdhttpd.dll ()
mod - c:\program files (x86)\openoffice.org 3\program\libxslt.dll ()
mod - c:\program files (x86)\openoffice.org 3\program\libxml2.dll ()
mod - c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\escript.deu ()
mod - c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\updater.deu ()
mod - c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\annots.deu ()
mod - c:\program files (x86)\adobe\reader 9.0\reader\sqlite.dll ()
 
 
========== services (safelist) ==========
 
srv:64bit: - (amd external events utility) -- c:\windows\sysnative\atiesrxx.exe (amd)
srv - (mozillamaintenance) -- c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe (mozilla foundation)
srv - (akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
srv - (adobeflashplayerupdatesvc) -- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe (adobe systems incorporated)
srv - (mccomponenthostservice) -- c:\program files (x86)\mcafee security scan\3.0.318\mcchsvc.exe (mcafee, inc.)
srv - (lavasoft ad-aware service) -- c:\program files (x86)\lavasoft\ad-aware\aawservice.exe (lavasoft limited                                                  )
srv - (cyberlink powerdvd 12 media server service) -- c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe (cyberlink)
srv - (clhnserviceforpowerdvd12) -- c:\program files (x86)\cyberlink\powerdvd12\kernel\dmp\clhnserver\clhnserviceforpowerdvd12.exe (cyberlink corp.)
srv - (cyberlink powerdvd 12 media server monitor service) -- c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsmonitorservicepdvd12.exe (cyberlink)
srv - (antivirservice) -- c:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh)
srv - (antivirschedulerservice) -- c:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh)
srv - (bbdemon) -- c:\programme\dassault systemes\zweiterversuch\b21\win_b64\code\bin\catsysdemon.exe (dassault systemes)
srv - (wlcrasvc) -- c:\programme\windows live\mesh\wlcrasvc.exe (microsoft corporation)
srv - (wlidsvc) -- c:\programme\common files\microsoft shared\windows live\wlidsvc.exe (microsoft corp.)
srv - (passthru service) -- c:\program files (x86)\htc\internet pass-through\passthrusvr.exe ()
srv - (flexnet licensing service 64) -- c:\programme\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe (macrovision europe ltd.)
srv - (clr_optimization_v4.0.30319_32) -- c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe (microsoft corporation)
srv - (osppsvc) -- c:\programme\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe (microsoft corporation)
srv - (clr_optimization_v2.0.50727_32) -- c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (microsoft corporation)
srv - (epson_eb_rpcv4_01) -- c:\programdata\epson\epw!3 ssrp\e_s40stb.exe (seiko epson corporation)
srv - (wcescomm) -- c:\windows\windowsmobile\wcescomm.dll (microsoft corporation)
srv - (rapimgr) -- c:\windows\windowsmobile\rapimgr.dll (microsoft corporation)
srv - (epson_pm_rpcv4_01) -- c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe (seiko epson corporation)
 
 
========== driver services (safelist) ==========
 
drv:64bit: - (usb_rndisx) -- c:\windows\sysnative\drivers\usb8023x.sys (microsoft corporation)
drv:64bit: - (cbfs3) -- c:\windows\sysnative\drivers\cbfs3.sys (eldos corporation)
drv:64bit: - (fs_rec) -- c:\windows\sysnative\drivers\fs_rec.sys (microsoft corporation)
drv:64bit: - (avipbb) -- c:\windows\sysnative\drivers\avipbb.sys (avira gmbh)
drv:64bit: - (avgntflt) -- c:\windows\sysnative\drivers\avgntflt.sys (avira gmbh)
drv:64bit: - (amdsata) -- c:\windows\sysnative\drivers\amdsata.sys (advanced micro devices)
drv:64bit: - (amdxata) -- c:\windows\sysnative\drivers\amdxata.sys (advanced micro devices)
drv:64bit: - (rtl8192su) -- c:\windows\sysnative\drivers\rtl8192su.sys (realtek semiconductor corporation                          )
drv:64bit: - (hpsamd) -- c:\windows\sysnative\drivers\hpsamd.sys (hewlett-packard company)
drv:64bit: - (tsusbflt) -- c:\windows\sysnative\drivers\tsusbflt.sys (microsoft corporation)
drv:64bit: - (nusb3xhc) -- c:\windows\sysnative\drivers\nusb3xhc.sys (renesas electronics corporation)
drv:64bit: - (nusb3hub) -- c:\windows\sysnative\drivers\nusb3hub.sys (renesas electronics corporation)
drv:64bit: - (fssfltr) -- c:\windows\sysnative\drivers\fssfltr.sys (microsoft corporation)
drv:64bit: - (lbd) -- c:\windows\sysnative\drivers\lbd.sys (lavasoft ab)
drv:64bit: - (htcnprot) -- c:\windows\sysnative\drivers\htcnprot.sys (windows (r) win 7 ddk provider)
drv:64bit: - (amdkmdag) -- c:\windows\sysnative\drivers\atikmdag.sys (ati technologies inc.)
drv:64bit: - (amdkmdap) -- c:\windows\sysnative\drivers\atikmpag.sys (advanced micro devices, inc.)
drv:64bit: - (atihdmiservice) -- c:\windows\sysnative\drivers\atihdmi.sys (ati technologies, inc.)
drv:64bit: - (ssport) -- c:\windows\sysnative\drivers\ssport.sys (samsung electronics)
drv:64bit: - (htcand64) -- c:\windows\sysnative\drivers\androidusb.sys (htc, corporation)
drv:64bit: - (amdsbs) -- c:\windows\sysnative\drivers\amdsbs.sys (amd technologies inc.)
drv:64bit: - (lsi_sas2) -- c:\windows\sysnative\drivers\lsi_sas2.sys (lsi corporation)
drv:64bit: - (stexstor) -- c:\windows\sysnative\drivers\stexstor.sys (promise technology)
drv:64bit: - (rtl8167) -- c:\windows\sysnative\drivers\rt64win7.sys (realtek corporation                                            )
drv:64bit: - (ebdrv) -- c:\windows\sysnative\drivers\evbda.sys (broadcom corporation)
drv:64bit: - (b06bdrv) -- c:\windows\sysnative\drivers\bxvbda.sys (broadcom corporation)
drv:64bit: - (b57nd60a) -- c:\windows\sysnative\drivers\b57nd60a.sys (broadcom corporation)
drv:64bit: - (hcw85cir) -- c:\windows\sysnative\drivers\hcw85cir.sys (hauppauge computer works, inc.)
drv:64bit: - (lumdriver) -- c:\windows\sysnative\drivers\lumdriver.sys (ibm)
drv - ({329f96b6-df1e-4328-bfda-39ea953c1312}) -- c:\program files (x86)\cyberlink\powerdvd12\common\navfilter\000.fcl (cyberlink corp.)
drv - (ntk_powerdvd12) -- c:\program files (x86)\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_powerdvd12_64.sys (cyberlink corp.)
drv - (lavasoft kernexplorer) -- c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys ()
drv - (wimmount) -- c:\windows\syswow64\drivers\wimmount.sys (microsoft corporation)
drv - ({b154377d-700f-42cc-9474-23858fbdf4bd}) -- c:\program files (x86)\cyberlink\powerdvd9\000.fcl (cyberlink corp.)
 
 
========== standard registry (safelist) ==========
 
 
========== internet explorer ==========
 
ie:64bit: - hklm\..\searchscopes,defaultscope = {6a1806cd-94d4-4689-ba73-e35ea1ea9990}
ie:64bit: - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie:64bit: - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
ie - hklm\..\urlsearchhook:  - no clsid value found
ie - hklm\..\urlsearchhook: {855f3b16-6d32-4fe6-8a56-bbb695989046} - no clsid value found
ie - hklm\..\urlsearchhook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - no clsid value found
ie - hklm\..\searchscopes,defaultscope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src
ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7
ie - hklm\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2626277
 
 
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = <local>
 
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = <local>
 
 
 
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,prev search bar = hxxp://google.icq.com/search/search_frame.php
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,search bar = hxxp://google.icq.com/search/search_frame.php
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,search page = hxxp://feed.snap.do/?publisher=snapdoocyb&dpid=snapdoocyb&co=de&userid=888e239f-0adf-47ef-98c7-2782f906472a&searchtype=ds&q={searchterms}&installdate={installdate}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,start page = hxxp://plasmoo.com
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,start page redirect cache = hxxp://de.msn.com/?ocid=iehp
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\main,start page redirect cache_timestamp = f5 76 ba c6 72 45 cb 01  [binary data]
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\search,default_search_url = hxxp://feed.snap.do/?publisher=snapdoocyb&dpid=snapdoocyb&co=de&userid=888e239f-0adf-47ef-98c7-2782f906472a&searchtype=ds&q={searchterms}&installdate={installdate}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\internet explorer\search,searchassistant = hxxp://feed.snap.do/?publisher=snapdoocyb&dpid=snapdoocyb&co=de&userid=888e239f-0adf-47ef-98c7-2782f906472a&searchtype=ds&q={searchterms}&installdate={installdate}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\urlsearchhook:  - no clsid value found
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\urlsearchhook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - no clsid value found
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes,defaultscope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "url" = hxxp://feed.snap.do/?publisher=snapdoocyb&dpid=snapdoocyb&co=de&userid=888e239f-0adf-47ef-98c7-2782f906472a&searchtype=ds&q={searchterms}&installdate={installdate}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?form=wletdf&pc=wlem&q={searchterms}&src=ie-searchbox
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{6552c7dd-90a4-4387-b795-f8f96747de19}: "url" = hxxp://search.icq.com/search/results.php?q={searchterms}&ch_id=osd
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7&rlz=1i7adfa_de
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2626277
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\{dff49de5-3369-4be4-ad2b-96fa5c04481f}: "url" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchterms}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\searchscopes\plasmoo: "url" = hxxp://plasmoo.com/index.htm?searchmashine=true&q={searchterms}
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-744407795-3100791593-3173924299-1000\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = <local>
 
========== firefox ==========
 
ff - prefs.js..browser.search.defaultenginename: "foxsearch"
ff - prefs.js..browser.search.defaultthis.enginename: "plasmoo"
ff - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
ff - prefs.js..browser.search.order.1: "foxsearch"
ff - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
ff - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
ff - prefs.js..browser.search.selectedengine: "foxsearch"
ff - prefs.js..browser.search.usedbfororder: True
ff - prefs.js..browser.startup.homepage: "google.com"
ff - prefs.js..extensions.enabledaddons: %7b972ce4c6-7e08-4474-a285-3208198ce6fd%7d:20.0.1
ff - prefs.js..extensions.enableditems: {cafeefac-0016-0000-0020-abcdeffedcba}:6.0.20
ff - prefs.js..extensions.enableditems: {cafeefac-0016-0000-0021-abcdeffedcba}:6.0.21
ff - prefs.js..extensions.enableditems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
ff - prefs.js..extensions.enableditems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
ff - prefs.js..extensions.enableditems: {cafeefac-0016-0000-0022-abcdeffedcba}:6.0.22
ff - prefs.js..extensions.enableditems: {cafeefac-0016-0000-0023-abcdeffedcba}:6.0.23
ff - prefs.js..keyword.url: "hxxp://www.finduny.com?client=mozilla-firefox&cd=utf-8&search=1&q="
ff - prefs.js..network.proxy.type: 0
 
ff - user.js..browser.search.selectedengine: "foxsearch"
ff - user.js..browser.search.order.1: "foxsearch"
ff - user.js..browser.search.defaultenginename: "foxsearch"
ff - user.js..keyword.url: "hxxp://www.finduny.com?client=mozilla-firefox&cd=utf-8&search=1&q="
 
ff:64bit: - hklm\software\mozillaplugins\@adobe.com/flashplayer: C:\windows\system32\macromed\flash\npswf64_11_6_602_180.dll file not found
ff:64bit: - hklm\software\mozillaplugins\@divx.com/divx vod helper,version=1.0.0: C:\program files\divx\divx ovs helper\npovshelper.dll (divx, llc.)
ff:64bit: - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: C:\program files\microsoft silverlight\5.1.20125.0\npctrl.dll ( microsoft corporation)
ff:64bit: - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~1\micros~2\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@adobe.com/flashplayer: C:\windows\syswow64\macromed\flash\npswf32_11_6_602_180.dll ()
ff - hklm\software\mozillaplugins\@divx.com/divx browser plugin,version=1.0.0: C:\program files (x86)\divx\divx plus web player\npdivx32.dll (divx, llc)
ff - hklm\software\mozillaplugins\@divx.com/divx vod helper,version=1.0.0: C:\program files (x86)\divx\divx ovs helper\npovshelper.dll (divx, llc.)
ff - hklm\software\mozillaplugins\@java.com/javaplugin: C:\program files (x86)\java\jre6\bin\new_plugin\npjp2.dll (sun microsystems, inc.)
ff - hklm\software\mozillaplugins\@mcafee.com/mcafeemssplugin: C:\program files (x86)\mcafee security scan\3.0.318\npmcafeemss.dll (mcafee, inc.)
ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: C:\program files (x86)\microsoft silverlight\5.1.20125.0\npctrl.dll ( microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~2\micros~1\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0: C:\progra~2\micros~1\office14\npspwrap.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=15.4.3502.0922: C:\program files (x86)\windows live\photo gallery\npwlpg.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=15.4.3508.1109: C:\program files (x86)\windows live\photo gallery\npwlpg.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files (x86)\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files (x86)\google\update\1.3.21.135\npgoogleupdate3.dll (google inc.)
ff - hklm\software\mozillaplugins\adobe reader: C:\program files (x86)\adobe\reader 9.0\reader\air\nppdf32.dll (adobe systems inc.)
 
ff - hkey_local_machine\software\mozilla\firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\program files (x86)\divx\divx plus web player\firefox\divxhtml5 [2011.07.14 10:05:50 | 000,000,000 | ---d | m]
ff - hkey_local_machine\software\mozilla\mozilla firefox 20.0.1\extensions\\components: C:\program files (x86)\mozilla firefox\components [2013.04.15 13:36:00 | 000,000,000 | ---d | m]
ff - hkey_local_machine\software\mozilla\mozilla firefox 20.0.1\extensions\\plugins: C:\program files (x86)\mozilla firefox\plugins [2013.04.15 13:35:57 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\mozilla firefox 20.0.1\extensions\\components: C:\program files (x86)\mozilla firefox\components [2013.04.15 13:36:00 | 000,000,000 | ---d | m]
ff - hkey_current_user\software\mozilla\mozilla firefox 20.0.1\extensions\\plugins: C:\program files (x86)\mozilla firefox\plugins [2013.04.15 13:35:57 | 000,000,000 | ---d | m]
 
[2010.08.27 11:40:59 | 000,000,000 | ---d | m] (no name found) -- c:\users\philip xxx\appdata\roaming\mozilla\extensions
[2013.04.10 16:52:44 | 000,000,000 | ---d | m] (no name found) -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\extensions
[2013.04.10 16:52:44 | 000,000,000 | ---d | m] (yahoo! Toolbar) -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.01.31 17:57:04 | 000,000,000 | ---d | m] ("icq toolbar") -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.14 23:22:07 | 000,000,000 | ---d | m] ("dvdvideosoft menu") -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
[2011.06.14 23:14:05 | 000,000,000 | ---d | m] (plasmoo search engine) -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\extensions\engine@plasmoo.com
[2011.02.07 16:30:28 | 000,001,832 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\bing.xml
[2010.09.24 11:00:48 | 000,000,873 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\conduit.xml
[2013.04.16 20:48:05 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-1.xml
[2013.01.31 17:57:06 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-10.xml
[2013.02.10 23:32:13 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-11.xml
[2010.12.30 13:29:27 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-2.xml
[2011.03.26 14:17:06 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-3.xml
[2011.05.02 21:43:42 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-4.xml
[2011.05.12 15:26:21 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-5.xml
[2011.06.15 14:51:08 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-6.xml
[2011.07.03 12:25:12 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-7.xml
[2011.07.20 13:46:48 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-8.xml
[2013.01.28 18:16:31 | 000,000,950 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin-9.xml
[2010.11.02 22:08:06 | 000,001,056 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\icqplugin.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\plasmoo.xml
[2013.04.16 20:23:24 | 000,021,695 | ---- | m] () -- c:\users\philip xxx\appdata\roaming\mozilla\firefox\profiles\08mlyekg.default\searchplugins\web search.xml
[2013.04.15 13:35:56 | 000,000,000 | ---d | m] (no name found) -- c:\program files (x86)\mozilla firefox\extensions
[2013.04.15 13:36:00 | 000,263,064 | ---- | m] (mozilla foundation) -- c:\program files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | m] (sun microsystems, inc.) -- c:\program files (x86)\mozilla firefox\plugins\npdeployjava1.dll
[2010.03.19 10:23:30 | 000,686,592 | ---- | m] (synatix gmbh) -- c:\program files (x86)\mozilla firefox\plugins\npmieze.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\ebay-de.xml
[2011.03.26 14:12:45 | 000,000,143 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2013.02.16 06:15:47 | 000,006,805 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | m] () -- c:\program files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== chrome  ==========
 
chr - default_search_provider: Google (enabled)
chr - default_search_provider: Search_url = {google:baseurl}search?q={searchterms}&{google:rlz}{google:acceptedsuggestion}{google:originalqueryforsuggestion}{google:assistedquerystats}{google:searchfieldtrialparameter}{google:searchclient}{google:sourceid}{google:instantextendedenabledparameter}ie={inputencoding}
chr - default_search_provider: Suggest_url = {google:basesuggesturl}search?{google:searchfieldtrialparameter}client=chrome&q={searchterms}&{google:cursorposition}sugkey={google:suggestapikeyparameter}
chr - plugin: Shockwave flash (enabled) = c:\program files (x86)\google\chrome\application\26.0.1410.64\pepperflash\pepflashplayer.dll
chr - plugin: Chrome remote desktop viewer (enabled) = internal-remoting-viewer
chr - plugin: Native client (enabled) = c:\program files (x86)\google\chrome\application\26.0.1410.64\ppgooglenaclpluginchrome.dll
chr - plugin: Chrome pdf viewer (enabled) = c:\program files (x86)\google\chrome\application\26.0.1410.64\pdf.dll
chr - plugin: Adobe acrobat (enabled) = c:\program files (x86)\adobe\reader 9.0\reader\browser\nppdf32.dll
chr - plugin: Java deployment toolkit 6.0.240.7 (enabled) = c:\program files (x86)\java\jre6\bin\new_plugin\npdeployjava1.dll
chr - plugin: Java(tm) platform se 6 u24 (enabled) = c:\program files (x86)\java\jre6\bin\new_plugin\npjp2.dll
chr - plugin: Gutscheinmieze-plugin (enabled) = c:\program files (x86)\mozilla firefox\plugins\npmieze.dll
chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~1\office14\npauthz.dll
chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~1\office14\npspwrap.dll
chr - plugin: Divx vod helper plug-in (enabled) = c:\program files (x86)\divx\divx ovs helper\npovshelper.dll
chr - plugin: Divx web player (enabled) = c:\program files (x86)\divx\divx plus web player\npdivx32.dll
chr - plugin: Google update (enabled) = c:\program files (x86)\google\update\1.3.21.135\npgoogleupdate3.dll
chr - plugin: Windows live\u0099 photo gallery (enabled) = c:\program files (x86)\windows live\photo gallery\npwlpg.dll
chr - plugin: Shockwave flash (enabled) = c:\windows\syswow64\macromed\flash\npswf32_11_6_602_168.dll
chr - plugin: Silverlight plug-in (enabled) = c:\program files (x86)\microsoft silverlight\4.0.60831.0\npctrl.dll
chr - extension: Mehr leistung und videoformate f\u00fcr dein html5 \u003cvideo\u003e = c:\users\philip xxx\appdata\local\google\chrome\user data\default\extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
o1 hosts file: ([2009.06.10 23:00:26 | 000,000,824 | ---- | m]) - c:\windows\sysnative\drivers\etc\hosts
o2:64bit: - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programme\microsoft office\office14\grooveex.dll (microsoft corporation)
o2:64bit: - bho: (windows live id sign-in helper) - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\common files\microsoft shared\windows live\windowslivelogin.dll (microsoft corp.)
o2:64bit: - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\programme\microsoft office\office14\urlredir.dll (microsoft corporation)
o2 - bho: (mss+ identifier) - {0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - c:\program files (x86)\mcafee security scan\3.0.318\mcafeemss_ie.dll (mcafee, inc.)
o2 - bho: (divx plus web player html5 <video>) - {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll (divx, llc)
o2 - bho: (spybot-s&d ie protection) - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\sdhelper.dll (safer networking limited)
o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office14\grooveex.dll (microsoft corporation)
o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\urlredir.dll (microsoft corporation)
o3 - hklm\..\toolbar: (no name) - {dfefcdee-cf1a-4fc8-88ad-48514e463b27} - no clsid value found.
O3 - hku\s-1-5-21-744407795-3100791593-3173924299-1000\..\toolbar\webbrowser: (no name) - {dfefcdee-cf1a-4fc8-88ad-48514e463b27} - no clsid value found.
O4:64bit: - hklm..\run: [rthdvcpl] c:\program files\realtek\audio\hda\ravcpl64.exe (realtek semiconductor)
o4:64bit: - hklm..\run: [windows mobile device center] c:\windows\windowsmobile\wmdc.exe (microsoft corporation)
o4 - hklm..\run: [avgnt] c:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh)
o4 - hklm..\run: [bdregion] c:\program files (x86)\cyberlink\shared files\brs.exe (cyberlink)
o4 - hklm..\run: [divxupdate] c:\program files (x86)\divx\divx update\divxupdate.exe ()
o4 - hklm..\run: [htc sync loader] c:\program files (x86)\htc\htc sync 3.0\htcupctloader.exe ()
o4 - hklm..\run: [nusb3mon] c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe (renesas electronics corporation)
o4 - hklm..\run: [pdvd9languageshortcut] c:\program files (x86)\cyberlink\powerdvd9\language\language.exe (cyberlink corp.)
o4 - hklm..\run: [powerdvd12agent] c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe (cyberlink corp.)
o4 - hklm..\run: [powerdvd12dmrengine] c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe (cyberlink)
o4 - hklm..\run: [remotecontrol9] c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe (cyberlink corp.)
o4 - hklm..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (advanced micro devices, inc.)
o4 - hku\s-1-5-19..\run: [sidebar] c:\program files (x86)\windows sidebar\sidebar.exe (microsoft corporation)
o4 - hku\s-1-5-20..\run: [sidebar] c:\program files (x86)\windows sidebar\sidebar.exe (microsoft corporation)
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\run: [akamai netsession interface] c:\users\philip xxx\appdata\local\akamai\netsession_win.exe (akamai technologies, inc.)
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\run: [hydravisiondesktopmanager] c:\program files (x86)\ati technologies\hydravision\hydradm.exe (amd)
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\run: [icq] "c:\program files (x86)\icq6.5\icq.exe" silent file not found
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\run: [remote control server] c:\program files (x86)\remote control server\remote control server.exe (steppschuh)
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\run: [spybotsd teatimer] c:\program files (x86)\spybot - search & destroy\teatimer.exe (safer networking limited)
o4 - hku\.default..\runonce: [spreview] "c:\windows\system32\spreview\spreview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?linkid=122915" /build:7601 file not found
o4 - hku\s-1-5-18..\runonce: [spreview] "c:\windows\system32\spreview\spreview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?linkid=122915" /build:7601 file not found
o4 - hku\s-1-5-19..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe file not found
o4 - hku\s-1-5-20..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe file not found
o4 - hku\s-1-5-21-744407795-3100791593-3173924299-1000..\runonce: [flashplayerupdate] c:\windows\syswow64\macromed\flash\flashutil32_11_6_602_180_plugin.exe (adobe systems incorporated)
o4 - startup: C:\users\philip xxx\appdata\roaming\microsoft\windows\start menu\programs\startup\openoffice.org 3.2.lnk = c:\program files (x86)\openoffice.org 3\program\quickstart.exe ()
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktop = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktopchanges = 1
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o8:64bit: - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~1\office14\onbttnie.dll/105 file not found
o8:64bit: - extra context menu item: Free youtube download - c:\users\philip xxx\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm ()
o8:64bit: - extra context menu item: Free youtube to mp3 converter - c:\users\philip xxx\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm ()
o8:64bit: - extra context menu item: Google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_89d8574934b26ac4.dll/cmsidewiki.html file not found
o8:64bit: - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~1\office14\excel.exe/3000 file not found
o8 - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~1\office14\onbttnie.dll/105 file not found
o8 - extra context menu item: Free youtube download - c:\users\philip xxx\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm ()
o8 - extra context menu item: Free youtube to mp3 converter - c:\users\philip xxx\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm ()
o8 - extra context menu item: Google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_89d8574934b26ac4.dll/cmsidewiki.html file not found
o8 - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~1\office14\excel.exe/3000 file not found
o9:64bit: - extra button: An onenote senden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9:64bit: - extra 'tools' menuitem : An onenote s&enden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation)
o9:64bit: - extra button: Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o9:64bit: - extra 'tools' menuitem : Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation)
o9 - extra button: @c:\windows\windowsmobile\inetrepl.dll,-222 - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - c:\windows\windowsmobile\inetrepl.dll (microsoft corporation)
o9 - extra 'tools' menuitem : @c:\windows\windowsmobile\inetrepl.dll,-223 - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\windows\windowsmobile\inetrepl.dll (microsoft corporation)
o9 - extra button: Icq7.2 - {72efbfe4-c74f-4187-aefd-73ea3be968d6} - c:\program files (x86)\icq7.2\icq.exe (icq, llc.)
o9 - extra 'tools' menuitem : Icq7.2 - {72efbfe4-c74f-4187-aefd-73ea3be968d6} - c:\program files (x86)\icq7.2\icq.exe (icq, llc.)
o9 - extra button: Icq lite - {b863453a-26c3-4e1f-a54d-a2cd196348e9} - c:\program files (x86)\icqlite\icqlite.exe file not found
o9 - extra 'tools' menuitem : Icq lite - {b863453a-26c3-4e1f-a54d-a2cd196348e9} - c:\program files (x86)\icqlite\icqlite.exe file not found
o9 - extra 'tools' menuitem : Spybot - search && destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files (x86)\spybot - search & destroy\sdhelper.dll (safer networking limited)
o10:64bit: - namespace_catalog5\catalog_entries64\000000000005 [] - c:\programme\common files\microsoft shared\windows live\wlidnsp.dll (microsoft corp.)
o10:64bit: - namespace_catalog5\catalog_entries64\000000000006 [] - c:\programme\common files\microsoft shared\windows live\wlidnsp.dll (microsoft corp.)
o1364bit: - gopher prefix: Missing
o13 - gopher prefix: Missing
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (java plug-in 1.6.0_24)
o16 - dpf: {cafeefac-0016-0000-0024-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (java plug-in 1.6.0_24)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (java plug-in 1.6.0_24)
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} hxxp://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab (reg error: Key error.)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{6daf32dd-a4db-4d9b-b7aa-19b3505b92ce}: Dhcpnameserver = 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{7891e411-fe89-4b0d-b6cc-9ec827846079}: Dhcpnameserver = 192.168.42.129
o18:64bit: - protocol\handler\livecall - no clsid value found
o18:64bit: - protocol\handler\msdaipp - no clsid value found
o18:64bit: - protocol\handler\msdaipp\0x00000001 - no clsid value found
o18:64bit: - protocol\handler\msdaipp\oledb - no clsid value found
o18:64bit: - protocol\handler\ms-help - no clsid value found
o18:64bit: - protocol\handler\msnim - no clsid value found
o18:64bit: - protocol\handler\wlmailhtml - no clsid value found
o18:64bit: - protocol\handler\wlpg - no clsid value found
o18 - protocol\handler\msdaipp\0x00000001 {e1d2bf42-a96b-11d1-9c6b-0000f875ac61} - c:\program files (x86)\common files\system\ole db\msdaipp.dll (microsoft corporation)
o18 - protocol\handler\msdaipp\oledb {e1d2bf40-a96b-11d1-9c6b-0000f875ac61} - c:\program files (x86)\common files\system\ole db\msdaipp.dll (microsoft corporation)
o18:64bit: - protocol\filter\text/xml {807573e5-5146-11d5-a672-00b0d022e945} - c:\programme\common files\microsoft shared\office14\msoxmlmf.dll (microsoft corporation)
o20:64bit: - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\sysnative\userinit.exe (microsoft corporation)
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\syswow64\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Userinit - (userinit.exe) - c:\windows\syswow64\userinit.exe (microsoft corporation)
o21:64bit: - ssodl: Eldosmountnotificator - {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\sysnative\cbfsmntntf3.dll (eldos corporation)
o21:64bit: - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O21 - ssodl: Eldosmountnotificator - {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\syswow64\cbfsmntntf3.dll (eldos corporation)
o21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
O22:64bit: - sharedtaskscheduler: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - virtual storage mount notification - c:\windows\sysnative\cbfsmntntf3.dll (eldos corporation)
o22 - sharedtaskscheduler: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - virtual storage mount notification - c:\windows\syswow64\cbfsmntntf3.dll (eldos corporation)
o28:64bit: - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programme\microsoft office\office14\grooveex.dll (microsoft corporation)
o28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office14\grooveex.dll (microsoft corporation)
o32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2010.09.03 14:23:49 | 000,000,000 | ---d | m] - c:\autodesk -- [ ntfs ]
o32 - unable to obtain root file information for disk f:\
o33 - mountpoints2\{f8a18cfa-03a9-11e0-b1e7-6cf049e33400}\shell - "" = autorun
o33 - mountpoints2\{f8a18cfa-03a9-11e0-b1e7-6cf049e33400}\shell\autorun\command - "" = c:\windows\system32\rundll32.exe shell32.dll,shellexec_rundll i:\start.hta
o34 - hklm bootexecute: (autocheck autochk *)
o34 - hklm bootexecute: (lsdelete)
o35:64bit: - hklm\..comfile [open] -- "%1" %*
o35:64bit: - hklm\..exefile [open] -- "%1" %*
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37:64bit: - hklm\...com [@ = comfile] -- "%1" %*
o37:64bit: - hklm\...exe [@ = exefile] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3)
o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2)
o38 - subsystems\\windows: (serverdll=sxssrv,4)
 
========== files/folders - created within 30 days ==========
 
[2013.04.23 15:55:03 | 000,000,000 | r--d | c] -- c:\users\philip xxx\appdata\roaming\microsoft\windows\start menu\programs\cyberlink powerdvd 9
[2013.04.18 15:23:53 | 000,000,000 | ---d | c] -- c:\users\philip xxx\desktop\microsoft.office.professional.plus.2013.x64.vl.german
[2013.04.18 15:21:28 | 000,000,000 | ---d | c] -- c:\users\philip xxx\desktop\autocad
[2013.04.17 20:53:21 | 000,000,000 | ---d | c] -- c:\users\philip xxx\desktop\drucken
[2013.04.16 20:36:38 | 000,000,000 | ---d | c] -- c:\program files (x86)\common files\pdf architect
[2013.04.16 20:25:56 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\roaming\pdf architect
[2013.04.16 20:18:11 | 000,000,000 | -hsd | c] -- c:\programdata\{c4abdbc8-1c81-42c9-bffc-4a68511e9e4f}
[2013.04.16 20:18:11 | 000,000,000 | -h-d | c] -- c:\programdata\common files
[2013.04.16 20:17:45 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\roaming\pdfforge
[2013.04.16 20:17:45 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\pdfcreator
[2013.04.16 20:17:42 | 000,662,288 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\mscomct2.ocx
[2013.04.16 20:17:42 | 000,137,000 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\msmapi32.ocx
[2013.04.16 20:17:42 | 000,110,264 | ---- | c] (pdfforge gmbh) -- c:\windows\sysnative\pdfcmon.dll
[2013.04.16 20:17:41 | 000,158,208 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\mscmcde.dll
[2013.04.16 20:17:41 | 000,064,512 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\mscc2de.dll
[2013.04.16 20:17:41 | 000,023,552 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\msmpide.dll
[2013.04.16 20:17:41 | 000,000,000 | ---d | c] -- c:\program files (x86)\pdfcreator
[2013.04.16 20:17:41 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\roaming\opencandy
[2013.04.16 20:16:11 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\programs
[2013.04.15 13:35:56 | 000,000,000 | ---d | c] -- c:\program files (x86)\mozilla firefox
[2013.04.10 23:09:32 | 003,717,632 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\mstscax.dll
[2013.04.10 23:09:31 | 003,217,408 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\mstscax.dll
[2013.04.10 23:09:31 | 000,158,720 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\aaclient.dll
[2013.04.10 23:09:31 | 000,131,584 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\aaclient.dll
[2013.04.10 23:09:31 | 000,044,032 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\tsgqec.dll
[2013.04.10 23:09:31 | 000,036,864 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\tsgqec.dll
[2013.04.10 23:09:20 | 000,735,232 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\msfeeds.dll
[2013.04.10 23:09:18 | 000,097,792 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\mshtmled.dll
[2013.04.10 23:09:18 | 000,067,584 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\mshtmled.dll
[2013.04.10 23:09:17 | 000,247,808 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\ieui.dll
[2013.04.10 23:09:17 | 000,176,640 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\ieui.dll
[2013.04.10 23:09:17 | 000,134,144 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\url.dll
[2013.04.10 23:09:17 | 000,132,096 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\url.dll
[2013.04.10 23:09:14 | 005,550,424 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\ntoskrnl.exe
[2013.04.10 23:09:13 | 003,968,856 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\ntkrnlpa.exe
[2013.04.10 23:09:13 | 003,913,560 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\ntoskrnl.exe
[2013.04.10 23:09:13 | 000,112,640 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\smss.exe
[2013.04.10 23:09:12 | 000,043,520 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\csrsrv.dll
[2013.04.10 23:09:12 | 000,006,656 | ---- | c] (microsoft corporation) -- c:\windows\syswow64\apisetschema.dll
[2013.04.10 22:21:29 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\catia
[2013.04.10 21:02:19 | 000,000,000 | -h-d | c] -- c:\users\philip xxx\appdata\roaming\65a8918e
[2013.04.10 20:51:39 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\3dmouse
[2013.04.10 20:39:18 | 000,000,000 | ---d | c] -- c:\program files\dassault systemes
[2013.04.10 20:38:06 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\roaming\dassaultsystemes
[2013.04.10 20:38:06 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\dassaultsystemes
[2013.04.10 20:38:06 | 000,000,000 | ---d | c] -- c:\programdata\dassaultsystemes
[2013.04.09 18:20:27 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\{d1a53bd2-cbef-4f42-be94-10f3f76c4172}
[2013.04.04 22:10:49 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\{bbf1b893-8633-4451-9a6f-649efa597f03}
[2013.04.04 21:53:37 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\{58ae054a-ce74-4d33-8460-761560e1716a}
[2013.04.04 21:17:57 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\{5c2eb6eb-e732-46e7-a0b0-856b68b87deb}
[2013.04.04 20:00:24 | 000,000,000 | ---d | c] -- c:\users\philip xxx\desktop\sms mail mirco
[2013.04.04 19:44:06 | 000,000,000 | ---d | c] -- c:\users\philip xxx\appdata\local\elevateddiagnostics
[2013.04.02 22:40:42 | 000,000,000 | ---d | c] -- c:\users\philip xxx\desktop\schrank
[2013.03.26 22:56:13 | 000,041,472 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\drivers\rndismpx.sys
[2013.03.26 22:56:13 | 000,019,968 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\drivers\usb8023x.sys
[2013.03.26 22:56:13 | 000,019,968 | ---- | c] (microsoft corporation) -- c:\windows\sysnative\drivers\usb8023.sys
[1 c:\users\philip xxx\desktop\*.tmp files -> c:\users\philip xxx\desktop\*.tmp -> ]
 
========== files - modified within 30 days ==========
 
[2013.04.23 20:03:00 | 000,001,126 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2013.04.23 19:51:00 | 000,000,884 | ---- | m] () -- c:\windows\tasks\adobe flash player updater.job
[2013.04.23 19:03:00 | 000,001,122 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2013.04.23 16:02:07 | 000,014,800 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2013.04.23 16:02:07 | 000,014,800 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2013.04.23 16:00:37 | 001,498,742 | ---- | m] () -- c:\windows\sysnative\perfstringbackup.ini
[2013.04.23 16:00:37 | 000,654,150 | ---- | m] () -- c:\windows\sysnative\perfh007.dat
[2013.04.23 16:00:37 | 000,616,032 | ---- | m] () -- c:\windows\sysnative\perfh009.dat
[2013.04.23 16:00:37 | 000,130,022 | ---- | m] () -- c:\windows\sysnative\perfc007.dat
[2013.04.23 16:00:37 | 000,106,412 | ---- | m] () -- c:\windows\sysnative\perfc009.dat
[2013.04.23 15:54:45 | 000,000,408 | ---- | m] () -- c:\windows\tasks\ad-aware update (weekly).job
[2013.04.23 15:54:40 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2013.04.23 15:54:38 | 3217,645,568 | -hs- | m] () -- c:\hiberfil.sys
[2013.04.22 21:22:12 | 000,000,064 | ---- | m] () -- c:\windows\syswow64\rp_stats.dat
[2013.04.22 21:22:12 | 000,000,044 | ---- | m] () -- c:\windows\syswow64\rp_rules.dat
[2013.04.19 15:40:49 | 037,379,619 | ---- | m] () -- c:\users\philip xxx\neuer ordner\documents\mietvertrag.pdf
[2013.04.19 14:56:35 | 000,002,047 | ---- | m] () -- c:\users\philip xxx\desktop\samsung scx-3200 series - verknüpfung.lnk
[2013.04.16 20:17:46 | 000,001,031 | ---- | m] () -- c:\users\public\desktop\pdfcreator.lnk
[2013.04.12 12:32:06 | 000,546,680 | ---- | m] () -- c:\windows\sysnative\fntcache.dat
[2013.04.10 22:21:35 | 000,017,708 | ---- | m] () -- c:\windows\sysnative\drivers\etc\services
[2013.04.10 22:21:29 | 000,002,608 | ---- | m] () -- c:\users\public\desktop\catia v5r21.lnk
[2013.04.09 15:13:52 | 000,110,264 | ---- | m] (pdfforge gmbh) -- c:\windows\sysnative\pdfcmon.dll
[2013.04.03 12:12:04 | 001,006,261 | ---- | m] () -- c:\users\philip xxx\desktop\imag0743.jpg
[2013.04.03 12:11:52 | 000,927,655 | ---- | m] () -- c:\users\philip xxx\desktop\imag0742.jpg
[1 c:\users\philip xxx\desktop\*.tmp files -> c:\users\philip xxx\desktop\*.tmp -> ]
 
========== files created - no company name ==========
 
[2013.04.23 19:14:56 | 037,379,619 | ---- | c] () -- c:\users\philip xxx\neuer ordner\documents\mietvertrag.pdf
[2013.04.23 15:54:45 | 000,000,408 | ---- | c] () -- c:\windows\tasks\ad-aware update (weekly).job
[2013.04.19 14:56:35 | 000,002,047 | ---- | c] () -- c:\users\philip xxx\desktop\samsung scx-3200 series - verknüpfung.lnk
[2013.04.18 15:20:35 | 103,796,535 | ---- | c] () -- c:\users\philip xxx\desktop\catia v5-grundkurs für maschinenbauer.pdf
[2013.04.16 20:17:46 | 000,001,031 | ---- | c] () -- c:\users\public\desktop\pdfcreator.lnk
[2013.04.10 22:21:29 | 000,002,608 | ---- | c] () -- c:\users\public\desktop\catia v5r21.lnk
[2013.04.10 13:42:55 | 005,851,780 | ---- | c] () -- c:\users\philip xxx\desktop\zimmerübergabe 14.3.wma
[2013.04.09 18:52:03 | 001,006,261 | ---- | c] () -- c:\users\philip xxx\desktop\imag0743.jpg
[2013.04.09 18:52:03 | 000,927,655 | ---- | c] () -- c:\users\philip xxx\desktop\imag0742.jpg
[2011.05.01 19:05:38 | 000,000,064 | ---- | c] () -- c:\windows\syswow64\rp_stats.dat
[2011.05.01 19:05:38 | 000,000,044 | ---- | c] () -- c:\windows\syswow64\rp_rules.dat
[2011.04.22 13:59:43 | 000,000,040 | -hs- | c] () -- c:\programdata\.zreglib
[2010.08.27 20:20:59 | 000,000,079 | ---- | c] () -- c:\users\philip xxx\appdata\local\crystaldiskmark30.ini
 
========== zeroaccess check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | rhs- | m] () -- c:\windows\assembly\desktop.ini
 
[hkey_current_user\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32] /64
 
[hkey_current_user\software\classes\wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
 
[hkey_current_user\software\classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\inprocserver32] /64
 
[hkey_current_user\software\classes\wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\inprocserver32]
 
[hkey_local_machine\software\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32] /64
"" = c:\windows\sysnative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | m] (microsoft corporation)
"threadingmodel" = apartment
 
[hkey_local_machine\software\wow6432node\classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\inprocserver32]
"" = %systemroot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | m] (microsoft corporation)
"threadingmodel" = apartment
 
[hkey_local_machine\software\classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\inprocserver32] /64
"" = c:\windows\sysnative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | m] (microsoft corporation)
"threadingmodel" = free
 
[hkey_local_machine\software\wow6432node\classes\clsid\{5839fca9-774d-42a1-acda-d6a79037f57f}\inprocserver32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | m] (microsoft corporation)
"threadingmodel" = free
 
[hkey_local_machine\software\classes\clsid\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\inprocserver32] /64
"" = c:\windows\sysnative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | m] (microsoft corporation)
"threadingmodel" = both
 
[hkey_local_machine\software\wow6432node\classes\clsid\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\inprocserver32]
 
========== alternate data streams ==========
 
@alternate data stream - 104 bytes -> c:\programdata\temp:d1b5b4f1

< end of report >

--- --- ---


OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 23.04.2013 20:16:41 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philip xxx\Desktop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 35,58% Memory free
7,99 Gb Paging File | 4,19 Gb Available in Paging File | 52,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,67 Gb Total Space | 344,75 Gb Free Space | 74,03% Space Free | Partition Type: NTFS
Drive D: | 39,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 465,76 Gb Total Space | 351,45 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
 
Computer Name: xxx| User Name: Philip xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-744407795-3100791593-3173924299-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10D3FB15-66EC-4266-83D8-7725914993F1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{18534349-24DD-45CF-AD7E-74E220E42F87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FB182DE-819D-4609-BE26-A24769CA9FC1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2B3DFBDC-38BC-419C-B255-808EB29AFC22}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C18A344-B374-4788-AB04-998E00C61430}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2DE617C3-68D3-4AEB-B3E9-B3360632DE3A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3081E878-0C70-4609-A26D-016157EF9665}" = lport=139 | protocol=6 | dir=in | app=system |
"{36CDB796-BDFA-4AFC-A0D9-1334F40E1463}" = rport=139 | protocol=6 | dir=out | app=system |
"{38901A63-7FE4-4B55-911D-88E35858470E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A0FCC94-12BE-4BEB-AE31-22842F7BB98B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DA04366-C1A4-45BD-AC60-47C24E366F28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51D128FA-5868-46B4-A4E4-BEE649B27DF0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{546BF5B5-7307-4776-81FF-90C9F4E8C32D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{54A2A2F0-7077-4064-A783-B088346C51C2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5733C3D0-E0D3-487D-923F-D35C396D776D}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{5FFCE71B-14D7-4172-98A7-F4E3A4586CE2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{61DD82C1-2266-48A6-A5F1-FA89C7F4C731}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{629B2835-6E20-4C52-B5B9-D9D06BDD3DF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E5358FA-4F2A-41FF-9104-E94DCE7869BA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{70EEEB36-64FD-4A63-B069-BED4BC917215}" = rport=138 | protocol=17 | dir=out | app=system |
"{715F992A-92E4-40E3-A9FD-23D047AC4139}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72B0301E-7AC9-4251-B4C0-23E2D0AAF055}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{733787E9-A891-45C2-A696-3E3F306955F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{74C536BD-D2C4-44B5-BD73-819638198C2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80C64959-7595-4123-B3E0-94B813492380}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85F3D1FC-11C1-401F-8DAC-C09B93C21B26}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8764113C-F2CF-4E17-B6B8-A0F03F16AE40}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DCEFFA1-FAFF-4566-8AE3-B93B427F1D8C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9012ACEC-BC8E-49A1-A5CA-110C1BADA3EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95AFE94D-8445-4670-9986-613FE3769EEA}" = rport=137 | protocol=17 | dir=out | app=system |
"{9AC44317-204A-4BDC-A355-F33243C16CCB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{A00055ED-3BEF-4A36-94A0-4C2C250AB5BA}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface |
"{A507AEAB-5092-40E1-81C6-DBFC0BDC3BC4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A7A1E9D1-CFFE-4796-968B-7D78FCF09833}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B63B542A-C5BF-4523-A94A-862944FF4704}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0C32270-5AEB-4C3F-9465-C4351595828E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1FF569E-A083-40AD-89F3-951164ED0278}" = lport=138 | protocol=17 | dir=in | app=system |
"{C89D2A29-415E-4DF9-AB57-7E06121CB40B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CF14AB16-12D3-4075-9552-5F8CE641D006}" = rport=445 | protocol=6 | dir=out | app=system |
"{D4A6C871-512D-4724-A94E-4771F5114E6F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D68C61E1-5B01-4C12-8DA9-1CDC3CE1543C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D73F790D-1F95-4D4C-8CFE-442F648AC648}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DD3E223A-9922-4617-9130-1F749E30B674}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E9F69760-7F9A-466A-83C7-F89439F2930A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDC215ED-44E5-4090-8D8D-9DD03CE747A4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F5438E46-37F5-4E3E-9A8A-CF40C54F6D6D}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F66758E4-7598-4F85-80BF-49884E15D0A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FAFDEF24-A855-4FEA-A1C4-5AB0C0617F26}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0345028D-1657-4582-BD25-590C634CE4E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{078236DE-E134-40BA-AF55-36164A07090D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{07EA88B1-76B2-4B66-AC9D-85AD596632D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0886C05C-36B1-419D-B2D2-7CC81CC2805B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{0B8215BF-F9DE-49CD-AAA1-8662E4187B54}" = protocol=17 | dir=in | app=c:\users\philip xxx\appdata\local\akamai\netsession_win.exe |
"{0CB22207-98B1-44AF-882F-301ACB50ECBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FE4B409-919F-4C57-869B-7777AB96D4D2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{18ABE620-9FF2-483F-932D-7FDF189BC527}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{1C52B83F-D413-4CFD-95E0-2C45D7ECF363}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{1CC5B12C-2E72-41CA-8450-46934BF59411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F38EF14-2D38-45A5-B00F-AD722F3A02A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E4DDCF5-3823-49D9-B2ED-D466AF23B5F2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3267D56E-2095-4CFB-8D42-F4839D73C738}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34008185-9FA3-48AF-87A4-CD324B6C1AA3}" = protocol=6 | dir=in | app=c:\users\philip xxx\appdata\local\akamai\netsession_win.exe |
"{3777330B-2F1B-4D1E-82D3-5375FD12BFAE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{387F17B9-B07C-4252-8388-4FF6B672C9DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3EB37E53-A2B2-4EA8-BD1E-E1D369E8C45E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3FE20FB6-FBCD-4DE6-B1C9-F832B86752D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D2474EA-A459-493E-93CF-B6A622A5A75D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{50C95082-C85B-488F-90DC-6FCEF19AEC1B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5169E1AC-17A5-4BDA-9087-89073CF72FED}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5297B27D-D776-4A69-9715-B84854B5B82A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{54671CAB-4215-4E27-B716-A3C05629DBEA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54F9E072-B82C-4C85-9258-A88C03E88F4D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{569B6BB4-9069-4C52-B9DD-C1FB161E76EC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B1641C3-2C25-4467-AB6D-92239A9A5CE8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{5B692A9A-D288-4A99-9C9C-A77368208064}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{61F1A705-6C80-4452-94CC-9038AF03BBC7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{67118D7D-3F5D-40AB-AA2A-7B054F6F03C2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{68627AD3-80FA-4A51-88AA-15F503FD5A51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{713C2C9B-4C0C-4A7B-B05D-D585C73D6424}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{724B323D-8C9D-4494-8C50-AFFC5BBBC6C1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{7611E35C-C031-4123-8F81-65915300E30D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{761CA327-C088-4CE4-9078-B8E6A63B3DC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7761811B-A8FD-4272-822E-5D4A4660DCEC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{7ACBFAAC-6341-47BF-8FC0-EFA0C1919EA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7D3676A7-43BE-46E8-9BE3-9A73100FDEC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80E6D35A-3A45-48BE-9FB5-D509A1CE0D19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{854C5F3E-E700-412C-9D90-645F98F6B945}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90EE0142-A41E-4D6C-A9E2-C9563CBC430B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9202E0D3-C616-4251-BB2D-E540304C29BD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A1B885D7-815A-4C01-B65C-07C950C1EE17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A2633540-09F1-437E-9E97-94B08F0B4F27}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A34C3FD5-C291-46F3-9E4A-14DF64FBB721}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A4CD7194-A1FD-4777-801A-22EDB3CAC817}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD1D4AF0-14FA-439B-A305-573220043B06}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{B190E9BF-555D-4AD8-8B2C-5D72AC7FB8B2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B344CB3B-E912-4B19-95B6-5CDBD5FDE2D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4323962-5376-4305-8C5D-4C7F41DEE90A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{BA5CCEB4-DB8C-445E-9C19-90CC40D4FACD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C26E17AD-96B8-4CAF-8670-325691135473}" = protocol=6 | dir=out | app=system |
"{C68369B9-8A3A-4007-81B2-BB8D08808C62}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C99361F9-D01C-4B53-AFEB-7225C721E898}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC418E0E-B4D8-4FC9-8313-190E046AF624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD81BC4C-E186-4AEA-82FE-ECA05A9D1ED9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D35267FD-5AAA-464C-BEEB-F8AE368F7700}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{DAA318CB-D395-447E-B555-8DB93E9C4754}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{E22F74E0-2529-41B3-B24E-BDA9617B5F88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E30219FB-C59E-4B33-B8AA-8219FF8B147B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3F43A76-784B-4F89-AA92-F1A784B9A771}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECC5F669-BAD3-446D-9C76-7C49204BEC24}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F32E8CFB-68D4-4FC7-BE91-0EE4018070F0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{F977D96B-5107-4741-9128-3FB335940CF4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F9B8D7D5-198D-4ED7-A4F8-B921C63D5443}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{FDF64BCF-CD91-4752-A3C5-3E023157DE4D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{29A7A43E-CB5B-4850-9226-D81E68232BE0}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{3A12F0EF-CD64-4DDD-953B-86268261B92E}C:\program files (x86)\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows sidebar\sidebar.exe |
"TCP Query User{3BD193EA-2DD1-4A4E-8DAA-6885DA9D6CFD}C:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\cnext.exe |
"TCP Query User{4AFBE5A7-9A7E-4508-94C5-71710BF21093}C:\program files (x86)\remote control server\remote control server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote control server\remote control server.exe |
"TCP Query User{50C16F76-BCB2-4D73-BEA4-DA3FB04609B0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{5BD6431E-2AE0-453C-8019-95176013EBAD}C:\program files (x86)\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows sidebar\sidebar.exe |
"TCP Query User{633E6D69-491A-4E04-9E70-A072B21FF8F9}C:\users\philip xxx\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\philip xxx\appdata\local\akamai\netsession_win.exe |
"TCP Query User{701ED2F5-1547-49BF-8396-1C229D865235}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{755A228D-0D74-4432-8123-397B1BA6B0E3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{7D4D0A97-0053-4DEC-8D8A-B9D0B8D7FDDD}C:\users\philip xxx\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\philip xxx\appdata\roaming\wuala\wuala.exe |
"TCP Query User{A73B85A3-1C42-4E51-81B9-CE67AAB8578B}C:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\orbixd.exe |
"TCP Query User{D9F31D19-691B-4C53-A190-2E429F729D9B}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{DAFCBA81-AAAD-4AEC-81A2-6196457C4B71}C:\program files (x86)\remote control server\remote control server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\remote control server\remote control server.exe |
"UDP Query User{00414C8B-0005-49E9-A7EA-BE1B89386FAE}C:\users\philip xxx\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\philip xxx\appdata\roaming\wuala\wuala.exe |
"UDP Query User{09FEEB40-2408-4487-91AA-61661D2A2C48}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{1B3BC985-3C79-411F-8A0D-3FAE5D1E3FD7}C:\users\philip xxx\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\philip xxx\appdata\local\akamai\netsession_win.exe |
"UDP Query User{32F26A51-0BAA-4A02-B1B6-7DBC3FBD77E7}C:\program files (x86)\remote control server\remote control server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote control server\remote control server.exe |
"UDP Query User{54A02DF9-696F-416A-B272-F0860C2E8E08}C:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\cnext.exe |
"UDP Query User{6253561B-2EF8-46B9-B9AB-4FE653F3D37C}C:\program files (x86)\remote control server\remote control server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\remote control server\remote control server.exe |
"UDP Query User{880769F2-7157-4DEB-9204-EE70355367BF}C:\program files (x86)\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows sidebar\sidebar.exe |
"UDP Query User{CEB6F5D8-AE8E-4DD2-BAB1-247CA9BA3098}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{D1ADDB19-3C20-49E4-8D94-749491BCECF5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D37B7BAF-4555-443E-B043-E3B4FC4DCD2A}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"UDP Query User{D9002065-8A65-4AA8-B9F0-5F9A029A4D17}C:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\zweiterversuch\b21\win_b64\code\bin\orbixd.exe |
"UDP Query User{EC766E74-166F-4DDA-B3E4-1846C1DC15F2}C:\program files (x86)\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows sidebar\sidebar.exe |
"UDP Query User{F04F8689-F102-4DAE-BD2B-10410A6D51A0}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{144B2F95-E2C6-4317-94E7-0B9B03F133B7}" = Autodesk Inventor 2010
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{38DCF0E4-948D-262D-88E6-57CDE6BB982A}" = ccc-utility64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-8028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2010
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{62BDA98E-352B-5244-FA5C-5C441EF799EB}" = ATI AVIVO64 Codecs
"{7EFF6FF7-45DE-A868-8300-615D7038879E}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF90F06A-3B2D-48E3-8C7A-1F2210200476}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}" = Dassault Systemes Software VC9 Prerequisites x86-x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F62B016F-677E-0079-0052-18D45F186798}" = AMD Drag and Drop Transcoding
"{F763AC14-3F26-4161-9567-11D5260AD4FE}" = Autodesk Inventor 2010 Language Pack - Deutsch
"Autodesk Inventor 2010" = Autodesk Inventor Professional 2010
"Dassault Systemes B21_0" = Dassault Systemes Software B21
"DWG TrueView 2010" = DWG TrueView 2010
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03496F77-5835-D529-1ED8-044FCD372E0F}" = HydraVision
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1370D655-9DA3-EF82-FB57-BC5A2DCCD020}" = CCC Help Japanese
"{179D679D-047F-491D-8783-D4BE596D2242}" = Visual Basic for Applications (R) Core
"{17D6207F-F9F4-1FDE-3F6B-C5B67CFD87C9}" = Catalyst Control Center Graphics Full New
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DA18566-1084-CE33-5BC5-A214B8FC0CA4}" = CCC Help Norwegian
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B4D0B5-81C5-ACE0-94CB-72E875B447A4}" = Catalyst Control Center Graphics Previews Common
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3D4AEA8C-3FD2-AB03-9E3A-F040B42E0BA3}" = CCC Help Portuguese
"{44136AFD-2559-F68C-10E3-AC269CE942A7}" = CCC Help Danish
"{46942F53-F6B5-E272-6989-0C75BBDF2668}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EE4C1F0-B0BF-37CA-2555-ED586F17C5C9}" = Catalyst Control Center Graphics Previews Vista
"{53EBA2A9-50F2-16EB-3A44-C99BFF927032}" = Catalyst Control Center Graphics Light
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5629D545-08E1-516E-F498-082A72A5269D}" = CCC Help Polish
"{5C329FB8-04D8-D32B-18B8-FA7594040FC0}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A0AEB7F-E55B-809B-0D05-F843032B75F7}" = Catalyst Control Center Graphics Full Existing
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F05FB49-2086-2FED-E2CC-824C189E9C75}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{755C6515-9FEA-490C-B15E-22BB6519E57E}" = Remote Control Server
"{75F440C9-C292-1BA6-9755-C94F800657E9}" = ccc-core-static
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FD4E2C-EDDA-D622-6DAA-6DDE7B17DE85}" = Catalyst Control Center Localization All
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ACC5E2B-B543-2E93-F37D-A1390847FF29}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{878C6821-18F9-F6A2-42A7-1ACB1A14AF5C}" = CCC Help Hungarian
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{946CC1D8-6E30-2A7C-3AC1-D433ED4FB00B}" = CCC Help Finnish
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDF34B4-B53E-54B5-9BA9-7FAA41693BF0}" = CCC Help Czech
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A60ABB01-915B-E5A4-5120-0976C0D7697F}" = CCC Help English
"{A7238DAD-BF6A-3D96-8436-065A1175B39A}" = CCC Help Chinese Traditional
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C05290B3-B125-2481-BC4D-7C4BE5126DD5}" = CCC Help Korean
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C310995F-B785-4252-6A3B-333BA411DE6B}" = CCC Help French
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2082A6B-2334-2533-A5ED-41B537ECD02A}" = CCC Help German
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E84FA784-3305-5E34-16C8-51949D03C059}" = Catalyst Control Center InstallProxy
"{E9A28E0B-F85A-FFDA-C486-C0D34AD506AF}" = CCC Help Turkish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC318F8C-CECC-B31E-44C4-55A1A63E41D5}" = CCC Help Greek
"{ECAD020B-3418-E868-FC8D-668FA6C6A019}" = Catalyst Control Center HydraVision Full
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4B6FE67-B077-472E-1B06-0D50C8B05206}" = CCC Help Swedish
"{F4B70AA9-AA91-4894-4AC5-61A6934CD85B}" = Catalyst Control Center Core Implementation
"{F525FDB5-C9D4-6505-ACB9-90C921C83ACD}" = CCC Help Italian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE83F56A-D87F-E70E-AE6E-749DFBE27666}" = CCC Help Spanish
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVI Media Player_is1" = AVI Media Player 1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"Google Chrome" = Google Chrome
"GpsGate" = GpsGate
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"McAfee Security Scan" = McAfee Security Scan Plus
"Media_Star Toolbar" = Media_Star Toolbar
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-744407795-3100791593-3173924299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.03.2013 13:52:44 | Computer Name = PhilipXxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 14.0.6009.1000,
 Zeitstempel: 0x4cc1a4ed  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17206,
 Zeitstempel: 0x50e6605e  Ausnahmecode: 0xe0000002  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xb28  Startzeit der fehlerhaften Anwendung: 0x01ce23feeff065d3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a279f9ee-8ff4-11e2-b63b-6cf049e33400
 
Error - 18.03.2013 16:30:56 | Computer Name = PhilipXxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 14.0.6009.1000,
 Zeitstempel: 0x4cc1a4ed  Name des fehlerhaften Moduls: ppcore.dll, Version: 14.0.6129.5000,
 Zeitstempel: 0x5082f66e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004c7c8  ID des fehlerhaften
 Prozesses: 0x1178  Startzeit der fehlerhaften Anwendung: 0x01ce240cf64d526a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\ppcore.dll
Berichtskennung:
 bc6cb860-900a-11e2-b63b-6cf049e33400
 
Error - 20.03.2013 13:24:20 | Computer Name = PhilipXxx | Source = ESENT | ID = 215
Description = WinMail (3780) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 20.03.2013 13:24:23 | Computer Name = PhilipXxx | Source = ESENT | ID = 215
Description = WinMail (980) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 04.04.2013 12:11:21 | Computer Name = PhilipXxx | Source = System Restore | ID = 8210
Description =
 
Error - 10.04.2013 15:04:26 | Computer Name = PhilipXxx | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e94    Startzeit:
01ce361d59305a2a    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 62c07fe3-a211-11e2-8d51-6cf049e33400 
 
Error - 10.04.2013 15:06:03 | Computer Name = PhilipXxx | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2f0    Startzeit:
01ce361e64cd1845    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 acd6cbbf-a211-11e2-8d51-6cf049e33400 
 
Error - 10.04.2013 16:26:58 | Computer Name = PhilipXxx | Source = Application Hang | ID = 1002
Description = Programm CNEXT.EXE, Version 5.21.0.11063 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ed8    Startzeit:
01ce362920d9b6f2    Endzeit: 15    Anwendungspfad: C:\Program Files\Dassault Systemes\zweiterversuch\B21\win_b64\code\bin\CNEXT.EXE

Berichts-ID:
 
 
Error - 16.04.2013 14:36:55 | Computer Name = PhilipXxx | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "PDF Architect Helper Service" konnte
 nicht neu gestartet werden.
 
Error - 16.04.2013 14:36:55 | Computer Name = PhilipXxx | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "PDF Architect Service" konnte nicht
 neu gestartet werden.
 
[ System Events ]
Error - 07.04.2013 16:51:16 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 07.04.2013 16:51:18 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 12.04.2013 06:37:17 | Computer Name = PhilipXxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.04.2013 06:59:38 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 12.04.2013 08:20:57 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 15.04.2013 09:16:27 | Computer Name = PhilipXxx | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 16.04.2013 08:44:04 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 17.04.2013 09:29:35 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 19.04.2013 06:43:15 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
Error - 22.04.2013 15:21:07 | Computer Name = PhilipXxx | Source = DCOM | ID = 10016
Description =
 
 
< End of report >

--- --- ---

hope this is WHAT you need

cosinus 23.04.2013 23:26

Quote:

[2013.04.10 22:21:29 | 000,002,608 | ---- | c] () -- c:\users\public\desktop\catia v5r21.lnk
What on earth are you doing with this (outrageously) expensive software on your computer? :confused:

jonny_deluxe 24.04.2013 07:44

Designing machine components :crazy:

cosinus 24.04.2013 10:21

Is this by any chance an office/company PC? Or a university machine?

jonny_deluxe 24.04.2013 10:23

No


All times are WET +1. The time now is 01:00.

Copyright ©2000-2024, Trojaner-Board

