Log analysis and evaluation: OTL analysis done, need HEEELP :/ Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.08.2012, 14:22 | #1 |
OTL analysis done, need HEEELP :/ I ran a log analysis after reading a thread here about the error message "RunDLL Fehler in C:Windows / SysWOW64/rundll32.exe Folgender Eintrag fehlt: FQ10". I am posting it and would like to know what I have to do to fix this error. OTL EXTRAS logfile: Code:
OTL Extras logfile created on: 8/7/2012 3:08:13 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.87 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.63% Memory free
7.73 Gb Paging File | 5.67 Gb Available in Paging File | 73.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.03 Gb Total Space | 290.26 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 1.37 Gb Free Space | 10.02% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005E881F-5110-4200-BF0A-3FAA45B40C28}" = lport=139 | protocol=6 | dir=in | app=system |
"{09D54EBA-871B-4717-A6ED-DE006B776CF1}" = rport=445 | protocol=6 | dir=out | app=system |
"{21A24420-E34C-4F8D-8461-D1F56826B354}" = lport=138 | protocol=17 | dir=in | app=system |
"{28F4D907-83D5-4CCC-A3CC-2506A700F26B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A0D7A77-B4DA-4339-9952-79F0DD51F75A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{338FAA5D-CF67-4474-82DA-3E47047AFD4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34C6F58F-96B3-432C-8B16-590FD8796C8A}" = lport=445 | protocol=6 | dir=in | app=system | "{3A3182A7-6AAD-4FE9-BF71-AB1591E7016F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{452BB4A9-3667-420A-A570-ACC0646C5159}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5A32941B-C3FF-4CE7-A9D3-DC46D03172EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{659EDCA6-B1E5-4F36-820F-DB9A7664E676}" = lport=10243 | protocol=6 | dir=in | app=system | "{6674547E-40EE-4B9F-BCB5-36ACB57FCDC4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{6A676930-79D9-481C-B989-04CCE38F6946}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{6CE35525-8388-4B2E-B072-4B9FF3B9CF1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CF959B2-9D05-4C36-9C25-70BFBF1E7858}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{72F1BED3-BF7C-4F0D-80C2-C039B828AAC7}" = rport=10243 | protocol=6 | dir=out | app=system | "{74A8CFCC-85A0-41B1-86F8-0464FD7B0C95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{83046877-8CC1-494F-B4B3-4E71FBAF80EF}" = rport=138 | protocol=17 | dir=out | app=system | "{834C81C5-62BB-4FCD-B8E6-FA8B3972F252}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A29BBFDC-9467-4B8A-97EA-19504C7701B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BA7A1D08-7C28-40EA-AD10-100C03F0E2E6}" = rport=139 | protocol=6 | dir=out | app=system | "{C847A0DE-A6C3-4142-AB58-5DC2C658EE37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CA51F7C0-3FE0-4405-B231-258E969030CC}" = lport=1900 | protocol=17 | dir=in | name=windows live 
communications platform (ssdp) | "{CC09A1CF-EFD9-4BC4-83C8-06FBDC8076F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{CC74317A-5534-4191-BFCE-FA96140DFC38}" = lport=137 | protocol=17 | dir=in | app=system | "{D257072E-C4D4-49C9-BA7E-9FB1E56BB513}" = rport=137 | protocol=17 | dir=out | app=system | "{DC4EC741-9C16-48E1-A289-B816D8F836A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EFD1A14F-3460-4994-9D33-8F474187E56D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{F684FB20-3D29-40B2-BC9A-32CC5DFD242A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1423EEC5-92C4-47BA-A351-0B4F5F782E4E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{15ED5F2F-B8BA-4454-A6E8-15FD3B0D6AB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{170D8D15-78E5-4F0C-AECC-DBF5B4615C70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C8D0BBD-F93D-447F-858F-0C24CFD49554}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1EC4082C-D9A9-4918-AD32-882C2A8ED288}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{23B9805E-70BE-46B6-89DC-8278EC055B6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23D23FE2-9BB4-434C-B870-C8A54795DEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{27BB3620-BE73-4E4E-998C-58BBC5665F60}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{2B945729-973B-4C33-82C1-AFA7684BD18B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2CB5115B-5787-4293-89A8-55B68354FF0F}" = 
protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{2D6F2521-CDA8-488D-9CBD-7C08FCBC9BA7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{2DA21955-6010-4B7A-B86E-B164310C84B8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{349A79AF-758A-4DD3-B9B5-40761092CD08}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{43D99DF7-4EF0-47EA-B2AA-BA03A1AA94EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{482FE64E-3F29-4317-B7CF-62F5E8E1FBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{4A1E4A81-F721-403B-A8CB-F44E90F453D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{4F0841B2-4867-4027-A62F-43021E9AEC7E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{5321967F-10E0-4059-AD4C-E6FEA8082C78}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{5775DCD8-9CD8-4F27-BFC4-20CC34D1FA5E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{59724490-30B4-4FB5-A8CB-636F22A38917}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5AF83A22-EF08-48C4-92FF-49DE2E6CF020}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{5BE9A626-3F46-4128-8ABE-77F47C370262}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "{5F81C80E-049E-4B7A-BE7D-0038CF0CE3E1}" = protocol=6 | dir=out | app=system | "{6900C0BD-DFE2-468F-B460-71A68FEB894F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | "{69EEFD66-CD9D-405F-BAF0-0AB8170A7D5A}" = dir=in | app=c:\program files 
(x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{6A42A542-70FD-41D5-946F-A7A25BBC80EB}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{6C63E6D3-A200-4DC1-AA77-D760A5C1758A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | "{6FBD851A-7C87-4C1F-B4C0-C073D048F1DC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{72ACD695-01B7-48C9-93CE-0C3E9A65507B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "{74A19B7D-215A-4FD5-AF87-6BC44122B19B}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{74B16D02-8DB7-4B1D-AE38-5ECF48107F16}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{787B4CD2-7F5B-487C-83F3-0F4874FCF7AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{78DF17AF-E5E3-4876-BFF7-90F19A7F09AE}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "{7CA89745-0D85-464A-82E6-7836B9D02C77}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "{7E6D5DBB-1BDD-4D54-B038-F29E2209867C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{8489E421-381E-4B57-B975-DE0567AEE5BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | "{886215B9-5104-4B1A-B90A-D7DDF98FE5D4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{8CF5D1A7-4AEA-45D9-866A-E2943CC8D64D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{91E04487-D8BD-40A3-9B7A-47DB251476EE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{92DACF57-3DDA-45C0-869D-303E786BCE0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9A919EDC-C4EA-4743-B1EA-85476B31E5FC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | "{9C1CC7CC-7398-4DAD-A057-98EF53A008D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A01BF79D-E8B5-4522-8BEF-FD232E6F268C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A06FC32C-1494-4F65-B65E-8E301254D00A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A338289C-D185-425D-B6FA-F72AEC6E1498}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6A6321C-E41F-4E05-B35A-6DE7E85EF022}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{A74F3B3C-2E06-4357-8DA1-4C24C1A23028}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{A83A058C-F28D-4D20-A5CE-43E2DDB40D5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B3028877-40EA-404F-A8FE-20AA315AA42A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B322D7BF-573E-46E1-8913-6AD49E5AF4D7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{B354968F-8E9B-4902-A456-4335FEC2EA48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{B4513414-36D6-4420-97AA-22935AFAB6A2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B620CB50-A166-4BE8-9745-4F13F892A74D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{B6777293-8C80-4263-8BA5-D013889FBAF6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{BD121561-46A7-4540-A346-F3B0FB14B7DA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{BED6F837-C628-4396-BFF8-0A05F6CEA782}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{C3A158B6-6C62-47A0-BFD3-934EAB2407DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CB34619E-71FE-46C1-BB2A-EAC4F1CC308F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | "{CE8676D2-581F-43AD-9870-F534ACBBA095}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0F7C4CB-77AF-41D9-A723-9972EE2DB0DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D686965C-4327-4629-A422-A23B42D99F7C}" = protocol=6 | dir=in | app=c:\program files (x86)\staemp\steam.exe | "{D75CD286-776E-457E-8632-B394BE4D43E3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | "{D79CD050-D53A-4F3C-A5ED-E9119A320BFC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D958C1B1-6F2B-4C47-93EE-DCFC7014B445}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{DA4DB2E5-1480-4231-AB94-27A88B045E4A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD25FB60-B4CF-4C68-930D-0084C64EAA34}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{DD523BF3-C84A-4A2A-9D20-98A3BB7C0C20}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{E4D3E6AF-0F0F-4A5C-BD66-775B68328B84}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{E53FA628-DFA2-49E3-9813-19C3F4B6A0EF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{E9725224-4F37-4870-AA02-4B57569A23D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{EDE2F326-38E3-44D3-8336-E39A0FB06EDC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | "{F2159DB0-9AAC-4197-9EFD-6E3CFEE8277A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F4FE09B3-DB7A-4E05-8BD4-171726D3A257}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "{F6009BE3-6CFE-4A4D-BCF3-E9F54202E7EC}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | "{FBA89E92-F9A9-4E28-B2C2-DBECB3C2B483}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | "{FE6E4DAD-C217-46EE-AC22-1392DC72CE3C}" = protocol=17 | dir=in | app=c:\program files (x86)\staemp\steam.exe | "{FE7913B0-ECD4-42AA-96C7-E7E039697794}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{FF60E0AF-2A20-4614-9C3C-ADA6E17F4072}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | "TCP Query User{048D3993-04CB-4945-8F1C-2D0349066D3A}C:\program files (x86)\activision\civilization-call to power\ctp_program\ctp\civctp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\civilization-call to power\ctp_program\ctp\civctp.exe | "TCP Query User{0D0C40F7-E473-430D-98C2-67C61D27E853}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{157D66F1-BBA6-45C0-94AE-C29FD59E2980}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{1B45FC70-2021-4B90-B398-E62BF5935208}C:\program files (x86)\ea games\command and conquer generäle\patchget.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command 
and conquer generäle\patchget.dat | "TCP Query User{35094D95-9F4D-4980-BF03-DA7B26AE8409}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "TCP Query User{4445F600-BF40-441E-888F-3119C928EC7C}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | "TCP Query User{54742DCF-2EB4-4B05-87E0-5541D833EDD6}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{563B25B8-B594-4362-B3C5-C1FE00C09EF1}C:\program files (x86)\staemp\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\staemp\steamapps\common\age of empires online\spartan.exe | "TCP Query User{5EB6F2CD-B268-4656-AF41-745900596A1F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query User{6E1B4647-C129-4158-AAD3-BC69D86D1832}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "TCP Query User{6E65960E-C4DD-4C6D-91D8-C63FFDC093B4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{7C5FA719-8603-4CB3-A33C-7B8EB5CB5E6D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{81212D29-8BA8-4A59-B108-5BABF73FEDDA}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{8B621D51-A220-42AB-8D4E-1DEF4A58B7D8}C:\program files (x86)\microsoft games\age of empires 
ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "TCP Query User{9DD3A526-47BA-456E-ABB9-AC2093EE854B}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "TCP Query User{9E39E31F-A0EB-4000-B187-F01DEEAE8245}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{A889740D-CAD6-4C13-BA7C-9131EF6B54AD}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "TCP Query User{AF82F287-4149-4C91-9FE9-6F3B8B16AAF0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "TCP Query User{C4595959-014E-4639-BFDC-06EDE0ED3E10}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | "TCP Query User{C58F9F1E-C535-4739-A35C-EA5CD0FE2AAE}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | "TCP Query User{CE9271B4-AE55-447C-8F93-5CABFB69E69A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "TCP Query User{D8EBFDF7-B422-4E71-89BC-E6F5753D0347}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic 
arts\eadm\core.exe | "TCP Query User{E941379B-5BC3-4820-8C66-169A311BA70E}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "TCP Query User{EC2A89FD-4871-40FC-8F82-11A31FE0F2F8}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "TCP Query User{F3EA2BAB-A79C-43D5-B2C1-3281CF3E6730}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{0FF2B010-5036-4750-8EF7-8BA8845D104B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{1F7E3C1C-B9A6-411C-A960-2DB529D3F2AD}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{21FAA1AF-9E57-4FFE-A83D-032D8B8D007F}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{2C48EC35-4C8E-49E5-8141-1F8D1D39F3B5}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{2F6716CB-9E0A-44CF-87E4-EEC9084784C0}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | "UDP Query User{3D9BAF60-2DE2-47C0-B6DF-3702AB0E3D53}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{45408BAE-30B2-44D1-8B87-A60419F92954}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\1clickdownload\1clickdownloader.exe | "UDP Query User{4D7405AA-537D-4A62-BFDC-3BF3765EC526}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | "UDP Query User{5120CB78-1136-4E85-A550-C7E4ED6B2651}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{5977F061-14F6-4E79-8647-3A538E68D8FC}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{6F66C215-F4CC-46D7-8E35-B7D0EFCD4046}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | "UDP Query User{7018DAF4-CA70-49E0-834D-CE71BDFF5255}C:\program files (x86)\ea games\command and conquer generäle\patchget.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generäle\patchget.dat | "UDP Query User{75D5410A-E02D-4935-B756-2B415BB57F43}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | "UDP Query User{7E0F001C-618C-4A0E-AA10-CF5D88F681F1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | "UDP Query User{95843178-3F3D-4B79-8A00-E7A6B7FF29DB}C:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | "UDP Query User{96397712-8339-48C7-951B-021241EBAB85}C:\program files (x86)\staemp\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\staemp\steamapps\common\age of empires online\spartan.exe | "UDP Query 
User{AD67CB21-5ED4-4BF2-9CC5-6BC3A49B81F4}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{AD9609BB-404A-4CF8-869C-3DC5830A26AA}C:\program files (x86)\activision\civilization-call to power\ctp_program\ctp\civctp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\civilization-call to power\ctp_program\ctp\civctp.exe | "UDP Query User{B6ACEECB-A2D1-4B9D-AADD-C61757229301}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | "UDP Query User{BE95CCF1-3B26-4549-A1B4-69D77DB3CA12}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{C0E77126-BBBF-4D71-91EA-DDAD25D7CCEC}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe | "UDP Query User{CEC94746-982C-457D-A912-999DE9B19102}C:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\blue byte\die siedler - das erbe der könige\bin\settlershok.exe | "UDP Query User{D0BB4456-A59B-40C1-8459-A97AB7176DC0}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | "UDP Query User{DDCA68D3-5765-477B-BDC1-777E04397E47}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query 
User{E5F652E6-4BBF-4711-B715-87C796B2B0A5}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ "{24873332-B98B-4235-ABBA-CCDEACC62BB9}" = Native Instruments Traktor Audio 6 "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{3054FEFA-4748-4cf0-8C3C-8DB887DE379F}" = Native Instruments Traktor Audio 2 "{305CA7E5-C739-48e2-B247-584C0E1B717C}" = Native Instruments Traktor Audio 10 "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012 "{6D855331-AF38-4D3B-93C7-34F58BACB6DD}" = Nitro PDF Reader 2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual 
Studio 2010 Tools for Office Runtime (x64) "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "AVG" = AVG 2012 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "WinRAR archiver" = WinRAR 4.10 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2 
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{319E272A-B5DB-4939-99D0-1F1F0C55699E}" = HP Support Assistant "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900) "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error 
Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec "{A6681EEB-E0FD-4DC2-8EBF-051F9986DA00}" = billiger.de Sparberater "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD 
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE) "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "1ClickDownloader" = 1ClickDownloader "Activision_CivCTPUninstallKey" = Civilization: Call To Power "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Age of Empires 2.0" = Microsoft Age of Empires II "Akamai" = Akamai NetSession Interface Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Cities XL" = Cities XL "Die Völker" = Die Völker "Dll-Files.com Fixer_is1" = Dll-Files.com Fixer "EADM" = EA Download Manager "FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32) "Halo" = Microsoft Halo "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector 
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010) "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Native Instruments Audio 2 DJ" = Native Instruments Audio 2 DJ "Native Instruments Audio 4 DJ" = Native Instruments Audio 4 DJ "Native Instruments Audio 8 DJ" = Native Instruments Audio 8 DJ "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor 2" = Native Instruments Traktor 2 "Native Instruments Traktor Audio 10" = Native Instruments Traktor Audio 10 "Native Instruments Traktor Audio 2" = Native Instruments Traktor Audio 2 "Native Instruments Traktor Audio 6" = Native Instruments Traktor Audio 6 "NSVEnc" = NSV Encoder (remove only) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "PDF Complete" = PDF Complete Special Edition "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "S4Uninst" = Die Siedler IV "SAM3" = SAM Broadcaster (remove only) "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "VLC media player" = VLC media player 2.0.1 "Warcraft III" = Warcraft III "WildTangent hp Master Uninstall" = HP Games "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood "World of Warcraft" = World of Warcraft 
"WT087361" = FATE "WT087380" = John Deere Drive Green "WT087394" = Penguins! "WT087396" = Polar Bowler "WT087420" = Agatha Christie - Death on the Nile "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087480" = Insaniquarium Deluxe "WT087485" = Jewel Quest II "WT087490" = Jewel Quest Solitaire "WT087501" = Plants vs. Zombies "WT087510" = Slingo Deluxe "WT087513" = Virtual Villagers - The Secret City "WT087519" = Wedding Dash "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "Akamai" = Akamai NetSession Interface "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/11/2012 9:14:04 AM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c734 ID des fehlerhaften Prozesses: 0x690 Startzeit der fehlerhaften Anwendung: 0x01cd5f66fddd8f54 Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: 4991fed5-cb5a-11e1-bb80-6c626d797907 Error - 7/11/2012 12:26:16 PM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c734 ID des fehlerhaften Prozesses: 0x14bc Startzeit der fehlerhaften Anwendung: 0x01cd5f81d7f59379 Pfad der fehlerhaften 
Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: 232a2a4e-cb75-11e1-b2dc-6c626d797907 Error - 7/11/2012 12:28:48 PM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: low-level engine.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc745be Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006f8e ID des fehlerhaften Prozesses: 0x1408 Startzeit der fehlerhaften Anwendung: 0x01cd5f82355401ee Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\Sierra\Empire Earth\low-level engine.dll Berichtskennung: 7d8e9f39-cb75-11e1-b2dc-6c626d797907 Error - 7/11/2012 12:29:21 PM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c734 ID des fehlerhaften Prozesses: 0xe14 Startzeit der fehlerhaften Anwendung: 0x01cd5f82484867a1 Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: 916a34ac-cb75-11e1-b2dc-6c626d797907 Error - 7/11/2012 12:29:57 PM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c734 ID des fehlerhaften Prozesses: 0x1754 Startzeit der fehlerhaften Anwendung: 0x01cd5f825d590c8a Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften 
Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: a690bb54-cb75-11e1-b2dc-6c626d797907 Error - 7/11/2012 12:36:49 PM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c734 ID des fehlerhaften Prozesses: 0xfb0 Startzeit der fehlerhaften Anwendung: 0x01cd5f83581b8f51 Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: 9c40c09c-cb76-11e1-b2dc-6c626d797907 Error - 7/14/2012 5:10:33 PM | Computer Name = User-HP | Source = Application Hang | ID = 1002 Description = Programm DV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1478 Startzeit: 01cd6204ecae4a02 Endzeit: 97 Anwendungspfad: C:\PROGRA~2\Jowood\DIEVLK~1\Bin\DV.exe Berichts-ID: Error - 7/14/2012 5:16:31 PM | Computer Name = User-HP | Source = Application Hang | ID = 1002 Description = Programm DV.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1624 Startzeit: 01cd62057ac64563 Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Jowood\DieVölker\bin\DV.exe Berichts-ID: Error - 7/22/2012 9:20:05 AM | Computer Name = User-HP | Source = Google Update | ID = 20 Description = Error - 7/28/2012 11:15:08 AM | Computer Name = User-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Empire Earth.exe, Version: 0.0.0.0, Zeitstempel: 0x3bc74cf2 Name des fehlerhaften Moduls: DX7HRTnLDisplay.dll, Version: 0.0.0.0, Zeitstempel: 0x3bc7466a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009851 ID des fehlerhaften Prozesses: 0x1750 Startzeit der fehlerhaften Anwendung: 0x01cd6cd388d2d933 Pfad der fehlerhaften Anwendung: C:\Sierra\Empire Earth\Empire Earth.exe Pfad des fehlerhaften Moduls: C:\SIERRA\EMPIRE EARTH\DX7HRTnLDisplay.dll Berichtskennung: 03bae503-d8c7-11e1-bfe0-6c626d797907 [ Hewlett-Packard Events ] Error - 6/15/2012 8:59:46 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201206151459.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 6/22/2012 8:19:53 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061222021950.xml File not created by asset agent Error - 6/22/2012 8:20:33 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201206221420.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 6/29/2012 8:52:25 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201206291452.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 7/6/2012 8:34:43 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071206023442.xml File not created by asset agent Error - 7/6/2012 8:35:12 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201207061435.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 7/14/2012 1:30:11 PM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201207141930.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 7/20/2012 1:20:48 PM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071220072033.xml File not created by asset agent Error - 7/20/2012 1:21:12 PM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201207201921.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() Error - 7/27/2012 8:21:35 AM | Computer Name = User-HP | Source = Hewlett-Packard | ID = 0 Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support Framework\Logs\Temp\HPSA\HPSASession_201207271421.xml" konnte nicht gefunden werden. 
mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding, Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents, Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession() [ System Events ] Error - 7/24/2012 4:10:41 PM | Computer Name = User-HP | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 7/24/2012 4:10:42 PM | Computer Name = User-HP | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 7/24/2012 4:10:42 PM | Computer Name = User-HP | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 7/24/2012 4:10:43 PM | Computer Name = User-HP | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 7/25/2012 11:05:43 AM | Computer Name = User-HP | Source = bowser | ID = 8003 Description = Error - 8/2/2012 12:55:11 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Application Virtualization Client erreicht. 
Error - 8/2/2012 12:55:11 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Application Virtualization Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 8/2/2012 12:55:13 PM | Computer Name = User-HP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053

Error - 8/3/2012 4:43:41 AM | Computer Name = User-HP | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error - 8/3/2012 4:43:41 AM | Computer Name = User-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 8/7/2012 3:08:13 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.87 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.63% Memory free
7.73 Gb Paging File | 5.67 Gb Available in Paging File | 73.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.03 Gb Total Space | 290.26 Gb Free Space | 64.21% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 1.37 Gb Free Space | 10.02% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) PRC - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native 
Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. 
) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5} IE:64bit: - HKLM\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5} IE - HKLM\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=26bac9c00000000000006c626d797907 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5} IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=26bac9c00000000000006c626d797907 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DE30EB51-76A1-482F-9A35-8B8BE685A190}&mid=ce918a3e576b47d1ac8abd2b2b9d90f4-4049fe1f116b20e8418b0ff43950f3b8163b76e0&lang=de&ds=AVG&pr=fr&d=2012-02-27 16:34:59&v=10.0.0.7&sap=dsp&q={searchTerms} IE - 
HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{E07C6860-2BE1-4A21-960A-2C1E4F426AFF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms} IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12" FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - 
HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/11 14:40:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 14:33:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/11 14:40:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 14:41:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 14:41:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 23:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012/07/14 19:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\p7j3pxqq.default\extensions [2012/07/05 09:33:50 | 000,000,925 | ---- | M] () -- 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p7j3pxqq.default\searchplugins\conduit.xml [2012/08/07 11:36:55 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\p7j3pxqq.default\searchplugins\icqplugin.xml [2012/05/22 19:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/18 23:54:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/07/11 14:33:30 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 [2012/07/28 14:41:11 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/02/28 23:45:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/11 14:33:36 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/04/21 00:23:08 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/02/28 23:45:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/28 23:45:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/02/28 23:45:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/28 23:45:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/28 23:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG 
Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (billiger.de Sparberater) - {A6681EEB-E0FD-4DC2-8EBF-051F9986DA00} - C:\Program Files (x86)\billigerde\Internet Explorer\billigerde.dll (solute gmbh) O2 - BHO: (no name) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) 
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Internet Security] C:\Users\User\AppData\Roaming\isecurity.exe File not found O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Steam] C:\Program Files (x86)\Staemp\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files 
(x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF51CAA9-C971-47BC-A846-14881650160E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/07 15:06:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012/08/07 11:33:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99D06A43-B76D-4028-B15C-445A5C1CF965} [2012/08/07 11:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{744638CE-B27E-4E95-91E8-9B06AD2F4780} [2012/08/06 15:40:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9655A633-4FED-4CD6-80CA-6F9F40ED6D79} [2012/08/06 15:40:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F833ADA-1EBC-4144-8AF8-4623BE09075C} [2012/08/05 12:16:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EFEC1089-2E32-4452-ACA0-3B3D011D0121} [2012/08/05 12:16:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E3982993-EF3B-4EC1-A698-0D9AEBFCC121} [2012/08/03 22:44:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{282B31AF-2583-416F-BBE5-C270402F76FB} [2012/08/03 22:44:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AB6FA0E2-920F-49A1-B233-A59605FA8CA1} [2012/08/03 10:44:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{83E30F41-8647-45A7-8447-626E7A4076F7} [2012/08/03 10:43:42 | 000,000,000 | ---D | C] -- 
C:\Users\User\AppData\Local\{BA8D31D5-8F82-4230-A90E-3443D104DD66} [2012/08/02 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6C37F307-AF1D-4456-9DFE-941786568FF7} [2012/08/02 18:55:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{29358FBA-143F-4B05-8C41-FB66635B8D9B} [2012/08/01 13:32:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B4B7C9CF-5B53-43BB-8E8A-A1FFAE06FA33} [2012/08/01 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE1B66F3-1B24-40D4-9864-68D177EC1F86} [2012/07/31 21:58:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/07/31 18:36:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B1357B65-EB37-4159-A161-F0A7E19E2FE0} [2012/07/31 18:36:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E00A47B9-9BB9-4499-B7B7-EE1281C56ACD} [2012/07/30 20:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2012/07/30 20:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012/07/30 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2012/07/30 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\SoftGrid Client [2012/07/30 17:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012/07/30 17:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012/07/30 17:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2012/07/30 17:49:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TP [2012/07/30 17:36:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7A75CD4F-F3C3-4766-98B8-706C75A89282} [2012/07/30 17:36:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6E14B996-CBEE-4378-8AE2-276E4408E3A1} [2012/07/29 13:39:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B87EE110-D8F1-4E5C-A4D1-92592557BBE2} [2012/07/29 
13:38:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6796E6AD-C741-4A72-A46D-85C120FB0329} [2012/07/28 14:30:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{819ADCA4-B4A5-491E-BA06-63B59E6997EF} [2012/07/28 14:29:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DB428553-C570-4F68-BEF0-3D0687A52E85} [2012/07/27 14:12:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AEEC147A-64B9-4ACE-BE7D-571044FB1013} [2012/07/27 14:12:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{54BB698D-669F-463A-843F-A2C31695161F} [2012/07/27 00:36:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A871510D-DDF2-4776-988B-451E524E0668} [2012/07/27 00:36:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7ED5D83D-C2F3-4D10-8920-143D3E60010C} [2012/07/26 12:35:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BE57A01E-5852-4700-970E-74F7CCA43AC5} [2012/07/26 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E99029C-2574-49F9-910D-A8EC57F2A396} [2012/07/25 17:06:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9B677AE6-7FC6-4492-BD6D-592DF5EF16DE} [2012/07/25 17:05:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{80961AF9-343A-4B24-8604-04760D306E12} [2012/07/24 21:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Managed DirectX (0900) [2012/07/24 21:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AB607CEF-F589-4FD4-9A6D-AF3F83A1ABA7} [2012/07/24 21:22:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{39A3EE4B-F372-45D7-AD00-3256FF608800} [2012/07/23 03:08:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E077B20C-C673-4717-99D2-DF526D79B5F2} [2012/07/22 15:08:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EA33805E-505F-412B-9C6A-92DD58C40160} [2012/07/21 15:33:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BD757B13-66A9-4FF7-A024-F2579191BF47} [2012/07/21 15:33:24 | 000,000,000 | ---D | 
C] -- C:\Users\User\AppData\Local\{576E114B-A644-4E22-9C88-200ED1FC6E35} [2012/07/20 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E5B0C9D-31AE-4F9C-98D0-BD8A2811EB8A} [2012/07/20 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{08C77AA0-0386-4947-989A-27177D45F596} [2012/07/19 12:37:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0C1C168D-8F75-4980-A90C-E607DB87CCB0} [2012/07/19 12:37:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{81578A20-50AA-4A83-BE47-164DEB63969D} [2012/07/18 12:20:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6730CC33-50D8-4AE4-AB66-0A6397F13416} [2012/07/18 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B872CB37-8540-4DE8-96E1-EA36919EFB13} [2012/07/18 00:19:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{63913451-7E7A-4B00-9A1F-5D0AC6B25780} [2012/07/17 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{55DE7172-CBCC-46CB-8E74-4935024CEDED} [2012/07/17 12:18:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{577CC850-1841-4D47-AE07-3403E14D7321} [2012/07/16 23:07:50 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\DIE SIEDLER - DEdK [2012/07/16 22:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012/07/16 19:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012/07/16 19:55:53 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2012/07/16 19:55:53 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012/07/16 19:55:53 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012/07/16 19:55:52 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012/07/16 19:55:52 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll 
[2012/07/16 19:55:52 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012/07/16 19:55:52 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012/07/16 19:55:52 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012/07/16 19:55:52 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012/07/16 19:55:52 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012/07/16 19:55:52 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012/07/16 19:55:52 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012/07/16 19:55:52 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012/07/16 19:55:52 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012/07/16 19:55:52 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012/07/16 19:55:52 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012/07/16 19:55:52 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2012/07/16 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2A962C44-DC8D-4F53-AACD-43268A72B4E2} [2012/07/16 19:36:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{652E9795-D552-4BF2-A651-AD895988BBA7} [2012/07/14 23:09:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD [2012/07/14 23:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD [2012/07/14 23:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jowood [2012/07/14 20:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte [2012/07/14 20:36:15 | 000,000,000 | ---D | C] -- C:\BlueByte [2012/07/14 20:35:05 | 
000,305,664 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2012/07/14 19:20:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{14667B55-8A36-445A-BA81-083FDC41FC51} [2012/07/14 19:20:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E0C10838-2AE6-4F6E-8EC2-7CDF6E3ADC87} [2012/07/13 13:49:42 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ANNO 1404 Venedig [2012/07/13 13:28:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{11DAB82C-1466-4E61-95B7-68D93C9F73DE} [2012/07/13 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2CA25290-3FB4-4675-8739-8C7F161D6BCA} [2012/07/12 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A7AEE7E3-51AE-4F01-BD7C-5D8F16CCAC5B} [2012/07/12 14:35:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F6323BD-7F81-4A44-A605-AD9B392FC833} [2012/07/12 14:14:04 | 000,155,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRT.dll [2012/07/12 14:14:04 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax [2012/07/12 14:14:04 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRTREND.dll [2012/07/12 14:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civilization-Call To Power [2012/07/12 14:14:03 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft3.dll [2012/07/12 14:14:02 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\strmdll.dll [2012/07/12 14:14:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unam4ie.exe [2012/07/12 14:14:00 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\danim.dll [2012/07/12 14:14:00 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcut.dll [2012/07/12 14:14:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz.drv [2012/07/12 14:14:00 | 000,004,608 | ---- 
| C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll [2012/07/12 14:14:00 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll [2012/07/12 14:13:52 | 000,373,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCRTD.DLL [2012/07/12 14:13:52 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSPDB50.DLL [2012/07/12 14:12:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2012/07/12 02:34:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FF1900FB-6ED2-447A-A9EE-C142CA8A9DAC} [2012/07/12 02:34:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9A64E1BE-0163-426D-909A-3B238DDB130F} [2012/07/11 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra [2012/07/11 14:44:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/11 14:44:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/11 14:44:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/11 14:44:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/11 14:44:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/11 14:44:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/11 14:44:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/11 14:44:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/11 14:44:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/11 14:44:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/11 14:44:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/11 14:44:21 | 
000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/07/11 14:44:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 14:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/07/11 14:38:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012/07/11 14:38:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012/07/11 14:38:28 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/07/11 14:38:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012/07/11 14:38:26 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012/07/11 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA4DF481-71CA-47B5-A046-41D3D8515647} [2012/07/11 14:33:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D9D58DFA-D9B7-4D17-9C48-8FEE7ECDA05D} [2012/07/09 16:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx [2012/07/09 16:17:47 | 000,000,000 | ---D | C] -- C:\Sierra [2012/07/09 15:51:13 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Games for Windows - LIVE Demos [2012/07/09 15:46:02 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Spartan [2012/07/09 15:37:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2012/07/09 15:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2012/07/09 15:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2012/07/09 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012/07/09 14:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012/07/09 14:44:38 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Staemp [2012/07/09 11:49:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer [2012/07/09 09:31:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B57862D1-6F51-434D-AFEF-2EB203D572D0} [2012/07/09 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1AB0CBAB-C855-4EB7-8669-7A2B9FC67942} [2012/07/08 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ebay [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/07 15:06:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012/08/07 15:04:50 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/07 15:04:50 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/07 14:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/07 14:57:14 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys [2012/08/07 11:33:56 | 103,156,487 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/08/06 18:20:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000UA.job [2012/08/06 15:55:39 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll [2012/08/06 15:55:39 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll [2012/08/06 15:55:39 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll [2012/08/04 00:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000Core.job [2012/08/03 23:04:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad [2012/08/03 23:04:47 | 000,001,855 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\ctfmon.lnk [2012/07/31 21:58:58 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/31 21:58:58 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/07/31 21:58:58 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/31 21:58:58 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/07/31 21:58:58 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/25 17:04:51 | 000,291,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/20 19:17:07 | 003,026,601 | ---- | M] () -- C:\Users\User\Desktop\DSCF0185.JPG [2012/07/16 23:07:31 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige.lnk [2012/07/14 23:09:07 | 000,000,174 | ---- | M] () -- C:\Windows\DieVölker.ini [2012/07/12 14:14:00 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll [2012/07/12 14:14:00 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll [2012/07/11 15:04:21 | 000,001,639 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk [2012/07/11 15:02:31 | 000,000,224 | ---- | M] () -- C:\Windows\SIERRA.INI [2012/07/09 14:44:39 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/03 23:04:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad [2012/08/03 23:04:47 | 000,001,855 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/07/20 19:17:02 | 003,026,601 | ---- | C] () -- C:\Users\User\Desktop\DSCF0185.JPG [2012/07/20 19:15:27 | 002,948,266 | ---- | C] () -- C:\Users\User\Desktop\DSCF0209.JPG [2012/07/16 23:07:31 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\DIE SIEDLER - Das Erbe der Könige.lnk 
[2012/07/14 23:09:07 | 000,000,174 | ---- | C] () -- C:\Windows\DieVölker.ini [2012/07/12 14:14:01 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012/07/12 14:14:00 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd [2012/07/11 15:04:21 | 000,001,639 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk [2012/07/09 16:37:30 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012/07/09 16:37:30 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012/07/09 16:37:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012/07/09 16:17:47 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI [2012/07/09 14:44:39 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012/07/06 20:44:42 | 000,000,051 | ---- | C] () -- C:\ProgramData\kxngbshzpjqkjbh [2012/06/20 12:36:45 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/04/20 01:06:11 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2012/03/24 13:48:16 | 000,007,606 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2012/03/05 20:38:55 | 000,005,186 | ---- | C] () -- C:\Windows\wininit.ini [2012/02/29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011/12/25 19:57:09 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/10/06 14:33:15 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/24 19:24:43 | 000,001,307 | ---- | C] () -- C:\Windows\eReg.dat [2011/08/22 23:58:43 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/11/11 10:29:39 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat < End of report > Edited by Jumipa (07.08.2012 at 14:29) |
07.08.2012, 15:34 | #2 |
/// Helper team | OTL analysis done, need HEEELP :/ Fix with OTL: Download OTL by OldTimer (if you don't have it yet) and save it to your desktop (not anywhere else).
Code:
:OTL
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5}
IE:64bit: - HKLM\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5}
IE - HKLM\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=26bac9c00000000000006c626d797907
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes,DefaultScope = {44F7A61F-9D18-4690-BA3A-D09535B526C5}
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=26bac9c00000000000006c626d797907
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DE30EB51-76A1-482F-9A35-8B8BE685A190}&mid=ce918a3e576b47d1ac8abd2b2b9d90f4-4049fe1f116b20e8418b0ff43950f3b8163b76e0&lang=de&ds=AVG&pr=fr&d=2012-02-27 16:34:59&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\SearchScopes\{E07C6860-2BE1-4A21-960A-2C1E4F426AFF}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "WiseConvert Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "WiseConvert Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
O2 - BHO: (no name) - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1000..\Run: [Internet Security] C:\Users\User\AppData\Roaming\isecurity.exe File not found
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1004..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-542328914-4254481120-2076068050-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2012/07/14 20:35:05 | 000,305,664 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012/08/03 23:04:47 | 000,001,855 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/11 14:33:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FA4DF481-71CA-47B5-A046-41D3D8515647}
[2012/07/11 14:33:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D9D58DFA-D9B7-4D17-9C48-8FEE7ECDA05D}
[2012/08/06 18:20:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000UA.job
[2012/08/04 00:20:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000Core.job
[2012/08/03 23:04:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!
__________________ |
07.08.2012, 17:31 | #3 |
| OTL analysis done, need HEEELP :/ ok, the error message is gone, seems to be like new ^^
__________________. . . All processes killed ========== OTL ========== Service vToolbarUpdater11.2.0 stopped successfully! Service vToolbarUpdater11.2.0 deleted successfully! C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe moved successfully. Service Akamai stopped successfully! Service Akamai deleted successfully! c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll moved successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-542328914-4254481120-2076068050-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44F7A61F-9D18-4690-BA3A-D09535B526C5}\ not found. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB275EF-0182-4489-B4A3-ADF752C3FCEF}\ not found. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EF58541-B3CD-4200-989B-A8A96DD0D2F9}\ not found. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E07C6860-2BE1-4A21-960A-2C1E4F426AFF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E07C6860-2BE1-4A21-960A-2C1E4F426AFF}\ not found. HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! 
Prefs.js: "Yahoo" removed from browser.search.defaultenginename Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "chr-greentree_ff&type=386496&ilc=12" removed from browser.search.param.yahoo-fr Prefs.js: "WiseConvert Customized Web Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: 0 removed from network.proxy.type 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found. Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Easybits Recovery deleted successfully. Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully. C:\Users\User\AppData\Local\Akamai\netsession_win.exe moved successfully. 
Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock deleted successfully. Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security deleted successfully. Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1004\Software\Microsoft\Windows\CurrentVersion\Run\\HPAdvisorDock deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip moved successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully. 
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1004\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-542328914-4254481120-2076068050-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\Windows\IsUn0407.exe moved successfully. C:\Windows\SysWow64\is-ORPN7.tmp deleted successfully. C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully. C:\Users\User\AppData\Local\{FA4DF481-71CA-47B5-A046-41D3D8515647} folder moved successfully. C:\Users\User\AppData\Local\{D9D58DFA-D9B7-4D17-9C48-8FEE7ECDA05D} folder moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000UA.job moved successfully. 
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-542328914-4254481120-2076068050-1000Core.job moved successfully. C:\ProgramData\23lldnur.pad moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\User\Desktop\cmd.bat deleted successfully. C:\Users\User\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: User ->Temp folder emptied: 4269554133 bytes ->Temporary Internet Files folder emptied: 141724231 bytes ->Java cache emptied: 84465040 bytes ->FireFox cache emptied: 55243853 bytes ->Flash cache emptied: 23530602 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 168397327 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 3606759530 bytes Total Files Cleaned = 7,963.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes User: User ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08072012_181502 Files\Folders moved on Reboot... 
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
07.08.2012, 17:33 | #4 |
/// Helper Team | OTL analysis done, need HEEELP :/ Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
02.09.2012, 10:31 | #5 |
/// Helper Team | OTL analysis done, need HEEELP :/ Missing feedback. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |
13.09.2012, 14:27 | #6 |
| OTL analysis done, need HEEELP :/ Yep, everything is running fine again, thanks for the help. Malwarebytes detected a few additional threats. Everything is running normally, thanks, I'll recommend you to others. |