Hey,
war nicht in Rechnernähe. Als ich ihn heute starten wollte trat das gleiche Problem wie zu Anfang auf. Nur, dass ich diesmal nicht in den Abgesicherten Modus mit Eingabeaufforderung kam - hat sich beim Laden der Daten aufgehängt und eingefroren. Nach einer Weile hat er sich neu gestartet - selbe Problem.
Konnte also diesmal nichtmal mit OTL ein Bericht erstellen.
Gibt es noch irgendeine Möglichkeit, die Daten zu sichern? Oder hilft nur PC platt machen? Und kann man irgendwie an die Daten kommen, ohne da die Viren oder so mitzuziehen?
Vielen Dank schon und nochmal.
Okay, berichtige - nach einigen Versuchen konnte ich OTL durchlaufen lassen und Scannen. Hier die Logfiles dazu.
Hoffe, es kommt nochmal so schnell gute Hilfe. Diesmal werde ich gleich eine Datensicherung einrichten und den PC aufräumen. Code:
OTL Extras logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = g:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\PS CS 6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe" = E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C1869-451E-40AE-A41A-A21E72ED6F3A}" = rport=445 | protocol=6 | dir=out | app=system |
"{01B8ABAC-1D90-46A3-A55B-AA42E6E8B117}" = rport=138 | protocol=17 | dir=out | app=system |
"{01B90067-134F-406B-A57B-69F713CF03C7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0BC26644-28AE-4FC7-A9BE-392A1FB055F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{111682D2-AD4D-4BE0-8D3D-E15DCAA685D1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1BC72A23-A3BF-48D4-8F1A-005347C4EC71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3F901FC0-92B8-449C-9D00-796744D2AC18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{429B0F19-5A3E-42B4-8B34-D17A05E68740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{615507E0-A915-45F1-9890-E546C26A209D}" = lport=139 | protocol=6 | dir=in | app=system |
"{63A28F5F-BFB3-4357-99CC-995434CB79D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{658EDBB1-A304-4021-ABE8-6E50B489EEC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C00E6A0-F056-40FC-9D20-7E438743FAF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D64749-451D-4ECD-B074-71AF7652F7EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C72D6AB-455C-4EFC-A00E-45555AD3787F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7CC325AD-68A2-4012-AE38-DB18543AEB2E}" = rport=139 | protocol=6 | dir=out | app=system |
"{9861FB8D-7B0F-4A87-BA6D-267F710101A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A3EBFCCE-079B-4957-B907-6E9886E6FC50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC93D640-45AC-46A2-9C7A-B6623436BEE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B70EE68F-D0BD-45D1-96FB-AC0CFA1EE368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D46EB686-C5BB-4329-9447-471752DC5782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D601692B-1CD7-4C8B-BFA0-14B75CD05366}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{D992DAFB-B762-4729-B88A-7797839FF2C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E38F9C35-F1F8-4064-A6F8-7F86E1B560F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA208381-5C67-4DC4-8B5D-CE824117F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8738809-12F6-45EF-A681-3C31C67DD852}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085B955-56BA-473F-8ED5-A69D8C843E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{02CB7ABC-7A24-4D49-94B8-22E1A1ABB12C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{03A0CE32-38BD-4B08-824E-1F267BB0D92F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{04BA9FAB-3C2B-47C2-8359-427278186989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0559B808-F3D7-4353-AB37-94C4739E7EC0}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{05A13A72-1A66-4971-ADBF-64A144EAB17D}" = protocol=6 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe |
"{09A517CD-0FAE-4BFA-9D9D-34CD5F001A47}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer.exe |
"{0CC90E07-0D62-467C-BF16-9F654E28F1FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1952F11E-F340-4391-BA41-CDE0BCC9FA73}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe |
"{1CCCD02B-4812-4A08-B2D2-091E852BF90C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1CD282C3-6482-4D26-A57D-C39721714315}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"{242FEC2E-D375-4A9F-A44D-52D1AD0234DF}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe |
"{2AAB60E1-5449-4235-AF33-804975A234D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BC6B7EE-509B-434C-946A-6AB38F96E8A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EC6259B-8A5D-4C27-AEF0-BCE5D349D45F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3198636D-011F-47E0-A9F6-E6FA016F22B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{38599AE1-76C5-45FE-A585-6100C76A3573}" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"{391D0643-7576-44AA-A0DF-3AB0744B668C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C979D3C-C62C-41AB-9987-97902D843F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CDB117C-BEA0-4959-AFB3-765FD31584D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{3EDFFEC1-2B71-46AA-A3F7-C391976538E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{3F6E5F4D-5EF3-4031-AEA9-8EFC03916942}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"{47065E43-46D8-45FF-9090-3FDFDE7E67E1}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe |
"{4E8D4E6B-4A70-4CDE-9B05-88E828451466}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer.exe |
"{557ACC55-17E2-49D8-A67D-135D45A6B0D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{5AE17198-72C0-49B3-BDD9-38D2EE0E7967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AE45DB6-1B63-4352-86A6-AF522EBDEB53}" = protocol=6 | dir=out | app=system |
"{5B937E7C-ACC8-469F-83AF-4C8A96C3D646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BE830D5-7C5A-430A-A23C-A7440478D95B}" = protocol=17 | dir=in | app=e:\spiele\skyrim\steam.exe |
"{60E4AD5E-9905-45F7-AE3C-8B06CAAF9D2C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{61DF8C14-1C34-4290-AC65-06F1A5CCF267}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{61FF37CE-5A62-441E-9C82-24F38BBA2090}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe |
"{75F8B34C-9AE8-4B3D-85DB-3491709E6797}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BAA0695-CBBA-4E18-95D9-2E7277A72F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7F4CDBDE-6F13-43EB-ACA6-AD0B235273C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88C722A1-887E-479E-AB09-3A272FA3497D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{8F1848E2-E74B-495B-86C3-44696EB70E39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{90AB74DD-BC6F-44F1-8E8B-0266D185BEFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{95EA19CF-7959-44D7-8E79-EFA81EF85AA2}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{997F5F9B-A978-4146-A110-DE7FC3A722DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A94BF7FC-6DBD-4751-AFCC-74E5DB61303D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA1EFE17-8CAD-4420-B6E6-40712704E40F}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{ADB109C7-3215-4520-9B7D-6AA2CF189466}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B7E4D3CB-855B-4266-8CF5-C719A5308B1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B9F64E1F-B269-4FE3-91DE-C4A305556699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA651E00-E545-4DEB-9B36-374004B1A6F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BBB93082-7A5F-41DC-8CCF-A29616BBD961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8657679-17B5-474F-A6A1-7EE6A5DAE3E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA94BBAD-5976-4DEB-B7A7-E79D40FB3490}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{CAB5B3A0-63F3-4957-A442-AB30C83E99FD}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{CDCEC5DE-AE59-495E-A102-E23BCC584025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5E8A7E2-4904-4802-9CC2-CA7130CAF273}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{D8D5D0D6-569C-48EC-9185-0D5C35FF7643}" = protocol=6 | dir=in | app=e:\spiele\skyrim\steam.exe |
"{DC98AD21-6768-4D43-A30D-1AC341F6BA92}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe |
"{E60BF77C-2C8B-4595-9486-6936C8D1238B}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{E78488E7-F530-44E7-8B07-D94078721E8C}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{E838FFD5-BB14-45CF-B07A-10E290B2ABFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{EAD008FD-DDE5-4957-B3DA-CC45520D7F9C}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{F00B81A9-BBCF-49F9-82BF-1F0F2473FA79}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{F285A74F-6849-402A-AED4-A81904F62214}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F343FCFF-97A3-41E6-A360-BEA385F56AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{F66E7FC1-9C54-4A8F-9DED-7E131287C44B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FA9D840E-9563-4507-88F0-8E4D60484484}" = protocol=17 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe |
"{FC4EF06F-2D22-47CA-8328-B2AAB700B5D5}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{FD12A3F3-D574-4F16-9567-50578286410A}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe |
"{FDD8C4FD-C1F3-4F53-A91D-8D551AC68C1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{FE7F56E1-103E-4FEB-BC1E-6015ABBF4CB4}" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFB08827-23CE-4FFF-8B5F-1B4DAAF1B21E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"TCP Query User{0014723A-37A7-4C3F-A378-53C41E4CE426}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe |
"TCP Query User{0D27742F-5257-43C8-84EA-9E231B7DCE7B}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"TCP Query User{0F3135FD-083F-4404-B6E2-69293123C8F2}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{134391CC-2031-4295-AC94-FFE0E02E4318}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe |
"TCP Query User{16D03AAE-DCDD-4174-BBEA-CC40722A5C37}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{1C32063D-52A0-4031-AC61-7B4139B83A2D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1F31CC17-6C9F-45DA-A643-E52FCF7ABC55}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"TCP Query User{292CF821-DD17-4218-89C3-5207B01E550A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{2E14E686-E9F9-4B6A-8FD4-3C506F8B9EC3}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe |
"TCP Query User{39DF4CF3-A5FC-4EEC-A7C4-1762C4EBB1FF}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{4BE721BA-D3A4-4D8D-B69E-2A7B6747D221}E:\spiele\dow\w40kwa.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40kwa.exe |
"TCP Query User{503EE2B4-27D0-47B6-AB6E-9A0483594BD8}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{5EB5CE72-82D0-47C3-9679-4FE154E69268}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{5FBFDC7D-4FD2-4134-BBB4-673685DCCF92}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{69CC34AE-A050-47F0-A138-8B6038D74588}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{6AFAB6D0-E2FC-48BA-83F7-05EAE55483DB}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{7385314B-85D2-42D0-8B7F-F620D9FF4F43}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{74C4E019-86D6-4FD1-871A-B7B60F9A3CF2}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"TCP Query User{79ED69AB-42AA-4B60-8B66-272845B68CBE}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{7D68FC6B-FABC-4781-A95C-487A550F6027}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe |
"TCP Query User{8976449F-3BA8-4C1C-B1D8-318B0AFA9A1F}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{8C5F385C-E7F8-47DA-A08C-1BDDC269EA47}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{9935F3CE-57DD-495D-B697-94BFB55504C0}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"TCP Query User{AB3DBF77-F304-466C-8ADD-D21B3C8E353E}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"TCP Query User{C0428AC3-6D0C-4A44-9CD0-2C9D383B076F}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{C46CC9E1-FC62-42E1-8BE1-BCA9FD9EC549}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{C49EAA02-60FF-4AD1-905C-9672FF9FA560}E:\program files\icq\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"TCP Query User{C5BE331E-0D81-4649-AA58-6B592113830F}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe |
"TCP Query User{CACABA95-CCA6-4AE6-94FD-812FFD8EBDB7}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{D17DD753-F69F-4869-8DFA-C4A93FCA0743}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe |
"TCP Query User{D2B9AE61-7D39-4100-B18D-020070661285}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D2F8CD6E-DF6C-4517-AD88-C116E9D7997B}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{DCC6B09F-61CB-4CCC-86BE-4B7E28A49B01}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{DD8180FA-9C4E-44EA-A3DD-0191BE8D0267}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{E690B277-EA1C-4F70-82D3-91A8D83D7973}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F5C6E122-A674-4006-A3B2-62A824CF1CCE}E:\spiele\dow\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40k.exe |
"TCP Query User{F5F4B250-D476-4AC7-816C-D3CCF1136CB6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{F780D198-5A14-42E4-9A7A-EFD0B98D85A3}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{0D019EB6-AF10-4B7A-AB56-40E018F47336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{14436E6F-4B9C-4229-AB99-01A04281056F}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{2D20C224-3A2C-42AF-876A-3E4A76F76D60}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{36F4E5EB-30CF-4DC8-83A3-ECEC86F73298}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"UDP Query User{37DA6E4E-58ED-4CE0-9232-2B4963A5D371}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{47004818-6737-40C7-AF7E-0662A54BE024}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{4BF90717-43F7-44F7-A401-CB19EAB0815F}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"UDP Query User{4DCD9E04-70EF-465E-92B2-E2DBA9D481C1}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe |
"UDP Query User{5CD2B3DA-0E1D-4139-A961-05F918CABF2C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{5CE010C9-65B6-4BC3-B424-2C7AC30DF5E4}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{64D9B77E-D7A6-4CE3-B8E3-DBB1893C701E}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"UDP Query User{67363C7F-7A2D-4E1D-A0AB-37436FB3351F}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe |
"UDP Query User{708C39C5-CEB3-40A9-A5EF-74C2F62BE340}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{77E6FEB7-9173-49BF-B73E-939E5056281C}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"UDP Query User{7AD0CBA2-1BFD-47A6-8960-730FCC6D7D05}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{7D8AE906-6B1D-4B2A-9E4D-E0C91134E508}E:\spiele\dow\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40k.exe |
"UDP Query User{8025A820-7070-4EEA-9FB0-2FB28D7A83EB}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{813FDE57-BD86-4228-8C14-86344241A1D6}E:\program files\icq\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"UDP Query User{883C0B46-D51D-41ED-B29E-FE32BC5B308D}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe |
"UDP Query User{88E88493-832B-40CB-AC8B-C7F46266FD0A}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{8C104BB1-F90A-4731-ACA3-60025526958C}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{8CAFE158-FD02-48CF-B113-D64BFE3380D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{95B58C57-C7E0-40A4-BB24-3114F5184899}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe |
"UDP Query User{9B8EA6B9-35B0-4D4E-AB07-14FA7E4DEE07}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9F80FEA1-FAE2-4346-B9CA-7142DDCA07A5}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe |
"UDP Query User{A50931E4-3059-4BC5-8981-579472C7746B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{A9E42F6A-83D6-48EA-926B-5083DF519523}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe |
"UDP Query User{B82FB9C6-CC21-497A-80D7-716453542BEC}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{B960B09B-C792-4245-9FFA-CBA497D472CA}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"UDP Query User{BED86359-2871-4DE6-8094-ADE9C99EEAB7}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{C21CF168-1D81-4C42-9372-1A6050867737}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D03CBDA1-E7EA-4F78-9011-679CE91F7FEA}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{D662E869-6165-4515-A6C0-A5811427FCE4}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{D899DA01-7A3F-4D1E-88CA-7D23E8CEA58F}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DF520C42-CF22-48AC-927B-A4F4F68EEEB5}E:\spiele\dow\w40kwa.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40kwa.exe |
"UDP Query User{E6D57D9E-193A-49B3-A137-59746A9C660A}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"UDP Query User{EEAA92B9-51AA-4A79-8B6E-D5908079E2A6}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"UDP Query User{F85A4312-DEFF-42F0-BDF9-9A4DC49E76DF}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E25A554-0153-45A7-B342-49003A36367C}" = PDFtk Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"Inkscape" = Inkscape 0.48.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"TeamViewer 7" = TeamViewer 7
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.11.2012 12:31:13 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 16.11.2012 12:31:19 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 16.11.2012 12:31:21 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 29.11.2012 12:42:37 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 5.1.0.16309 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 140 Startzeit:
01cdce38ba4415d4 Endzeit: 0 Anwendungspfad: E:\Spiele\World of Warcraft\Wow.exe Berichts-ID:
Error - 07.12.2012 08:26:12 | Computer Name = figur-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Program
Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg. [ACCESS_VIOLATION
Exception!! EIP = 0x1e57462] Bitte Avira informieren und die obige Datei übersenden!
Error - 12.12.2012 20:14:07 | Computer Name = figur-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 16.01.2013 08:10:24 | Computer Name = figur-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: inkscape.exe, Version: 0.48.4.0,
Zeitstempel: 0x50cf79ae Name des fehlerhaften Moduls: inkscape.exe, Version: 0.48.4.0,
Zeitstempel: 0x50cf79ae Ausnahmecode: 0xc0000005 Fehleroffset: 0x00796b3a ID des fehlerhaften
Prozesses: 0x1048 Startzeit der fehlerhaften Anwendung: 0x01cdf3e1279e46ea Pfad der
fehlerhaften Anwendung: E:\Program Files\Inkscape\inkscape.exe Pfad des fehlerhaften
Moduls: E:\Program Files\Inkscape\inkscape.exe Berichtskennung: b432eed6-5fd5-11e2-8f0e-1c6f658620a9
Error - 30.01.2013 05:25:41 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e94 Startzeit: 01cdfecbaf241a15 Endzeit: 40 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 10.02.2013 09:33:34 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 18.02.2013 13:34:31 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
[ Media Center Events ]
Error - 04.09.2011 06:23:26 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:26 - Fehler beim Herstellen der Internetverbindung. 12:23:26
- Serververbindung konnte nicht hergestellt werden..
Error - 04.09.2011 06:23:38 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:32 - Fehler beim Herstellen der Internetverbindung. 12:23:32
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2011 09:52:57 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung. 15:52:57
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2011 09:53:07 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:53:02 - Fehler beim Herstellen der Internetverbindung. 15:53:02
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 02:18:58 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:18:58 - Fehler beim Herstellen der Internetverbindung. 08:18:58
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 02:19:08 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:19:03 - Fehler beim Herstellen der Internetverbindung. 08:19:03
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 12:57:15 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:15 - Fehler beim Herstellen der Internetverbindung. 18:57:15
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 12:57:25 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung. 18:57:20
- Serververbindung konnte nicht hergestellt werden..
Error - 07.09.2011 06:45:19 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:19 - Fehler beim Herstellen der Internetverbindung. 12:45:19
- Serververbindung konnte nicht hergestellt werden..
Error - 07.09.2011 06:45:36 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:25 - Fehler beim Herstellen der Internetverbindung. 12:45:25
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 16.05.2013 12:33:55 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkverbindungen" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:56 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.05.2013 12:33:57 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AppleCharger avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd ssmdrv
tcpipBM
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
Error - 16.05.2013 12:44:01 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst
"DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
OTL logfile created on: 16.05.2013 18:38:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = g:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 88,19% Memory free
6,49 Gb Paging File | 6,13 Gb Available in Paging File | 94,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,80 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,28 Gb Free Space | 9,28% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive G: | 1,89 Gb Total Space | 1,54 Gb Free Space | 81,51% Space Free | Partition Type: FAT32
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.13 13:33:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2013.05.16 11:55:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- E:\teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.03 19:05:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 11:44:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- E:\Program Files\VMC\Bin\VMCService.exe -- (VMCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\figur\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.07.02 12:23:05 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.07.06 04:22:55 | 000,648,808 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV - [2011.07.03 19:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.03 19:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.03.07 11:21:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea)
DRV - [2011.03.07 11:21:28 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011.03.07 11:20:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag)
DRV - [2011.03.07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011.02.12 17:39:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.12 17:39:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.12 16:17:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.de.maxiwe.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DD D2 D4 53 D0 CB 01 [binary data]
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes,DefaultScope = {D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{C89A4C31-E138-41b2-A7C7-7A30DB2C13CD}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: E:\Program Files\VMC\Optimization Client\addon\ [2011.02.28 13:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M]
[2011.03.05 21:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Extensions
[2012.11.04 14:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions
[2012.08.02 16:42:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.14 13:31:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.10.14 14:50:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\ffxtlbra@softonic.com
[2012.11.04 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\staged
[2012.11.04 14:29:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-1.xml
[2011.10.05 21:25:09 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-10.xml
[2011.11.13 15:22:11 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-11.xml
[2012.03.30 12:33:44 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-12.xml
[2011.06.11 15:14:33 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-2.xml
[2011.07.11 02:20:18 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-3.xml
[2011.08.15 16:57:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-4.xml
[2011.08.22 16:58:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-5.xml
[2011.09.01 21:10:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-6.xml
[2011.09.05 18:46:26 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-7.xml
[2011.09.08 23:24:58 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-8.xml
[2011.09.09 20:00:38 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = E:\Program Files\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = E:\Program Files\Java\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Mail = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013.05.13 15:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [Spotify Web Helper] C:\Users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: drei.to ([games] https in Trusted sites)
O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: x7.to ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A48842B-B5EF-4C72-95D0-6B6A8D3E40CC}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9927F8A-4FBE-4E06-802A-9286DB433134}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.15 15:35:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 15:35:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.15 15:35:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 15:35:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 15:35:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 15:35:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.15 15:35:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 15:33:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 14:41:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 14:41:49 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 14:41:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 14:41:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 14:41:42 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.13 18:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.13 18:33:04 | 004,346,816 | ---- | C] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:44:53 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Roaming\Malwarebytes
[2013.05.13 15:44:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.13 15:44:25 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.13 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.13 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\Programs
[2013.05.13 15:43:48 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:24:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\figur\AppData\Local\temp
[2013.05.13 15:23:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.13 15:19:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 15:19:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 15:19:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 15:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 15:19:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.13 15:16:56 | 005,069,265 | R--- | C] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:00:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 16:31:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Männertag 2013
[2013.05.10 11:47:45 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Mt13
[2013.04.29 23:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013.04.29 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2013.04.18 16:23:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\DSK Praktikum
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.01.27 20:03:52 | 003,449,138 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2014.01.27 19:37:50 | 002,089,078 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.16 18:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 18:33:45 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 18:05:51 | 000,003,360 | ---- | M] () -- C:\bootsqm.dat
[2013.05.16 17:49:01 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 17:07:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job
[2013.05.16 16:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 16:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:32:24 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 16:29:19 | 000,664,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 16:29:19 | 000,624,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 16:29:19 | 000,134,932 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 16:29:19 | 000,110,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 16:26:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.16 16:25:04 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2013.05.16 12:46:10 | 002,729,109 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:51 | 000,114,522 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.16 11:55:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 11:55:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.16 10:05:56 | 003,917,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 14:40:15 | 000,000,266 | ---- | M] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:39:52 | 000,212,414 | ---- | M] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:07 | 000,125,337 | ---- | M] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 18:33:04 | 004,346,816 | ---- | M] (Piriform Ltd) -- D:\Users\figur\Desktop\ccsetup401.exe
[2013.05.13 15:51:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- D:\Users\figur\Desktop\mbam-setup-1.75.0.1300.exe
[2013.05.13 15:44:26 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.13 15:24:42 | 005,069,265 | R--- | M] (Swearware) -- D:\Users\figur\Desktop\ComboFix.exe
[2013.05.13 15:23:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.13 15:08:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\figur\Desktop\tdsskiller.exe
[2013.05.12 21:36:39 | 000,054,108 | ---- | M] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 20:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job
[2013.05.12 16:26:14 | 002,216,474 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:22 | 002,409,417 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:17:12 | 001,477,360 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | M] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.10 12:03:56 | 000,005,253 | ---- | M] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.16 18:05:51 | 000,003,360 | ---- | C] () -- C:\bootsqm.dat
[2013.05.16 17:48:37 | 000,000,004 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.ini
[2013.05.16 12:46:09 | 002,729,109 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105251.jpg
[2013.05.16 12:11:50 | 000,114,522 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Mod_SoSe2013_Checkliste-Vorbereitung_Mod.pdf
[2013.05.15 14:40:15 | 000,000,266 | ---- | C] () -- D:\Users\figur\Desktop\F-Secure.zip
[2013.05.14 08:27:36 | 000,212,414 | ---- | C] () -- D:\Users\figur\Desktop\V8BMr4MCqsOjoz2CqluTy6c-B98yCGIKvlg627fj3eU.jpg
[2013.05.14 08:27:17 | 000,125,337 | ---- | C] () -- D:\Users\figur\Desktop\Y1TPho6zTz5_GI8F61EJ14wbOuVTluAt-ShoaVZcU-Q.jpg
[2013.05.13 18:33:46 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.13 15:44:26 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.13 15:19:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 15:19:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 15:19:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 15:19:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 15:19:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.12 21:36:47 | 000,054,108 | ---- | C] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg
[2013.05.12 16:34:07 | 002,089,078 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0886.JPG
[2013.05.12 16:31:52 | 003,449,138 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0889.JPG
[2013.05.12 16:26:14 | 002,216,474 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105246.jpg
[2013.05.12 16:25:08 | 002,409,417 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105241.jpg
[2013.05.12 15:12:17 | 001,477,360 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf
[2013.05.12 15:12:09 | 001,860,463 | ---- | C] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip
[2013.05.08 09:30:33 | 000,005,253 | ---- | C] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf
[2013.05.06 16:51:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.04 22:31:38 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2013.04.04 22:31:38 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2013.03.11 18:04:26 | 000,000,218 | ---- | C] () -- C:\Users\figur\AppData\Local\recently-used.xbel
[2012.07.23 21:28:01 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.11 17:08:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.03.11 16:04:00 | 000,098,304 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.dat
[2012.02.20 15:45:02 | 000,000,287 | ---- | C] () -- C:\Users\figur\AppData\Local\VersionChecker_17.xml
[2012.02.16 20:04:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.09.29 22:14:13 | 000,003,584 | ---- | C] () -- C:\Users\figur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.10 21:23:14 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2011.07.10 21:23:14 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011.06.11 00:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.11 00:36:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
|
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
WARNUNG an die MITLESER: 
Textbox.