Log analysis and evaluation: BDS\ZeroAccess in C:\$Recycle.Bin - How do I get rid of it? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
#1
BDS\ZeroAccess in C:\$Recycle.Bin - How do I get rid of it?

Hello,

for the past few days I have been getting this error message from Avira: "A virus or unwanted program BDS/ZeroAccess.Gen was found in the file <<C:\$Recycle.Bin\...\n>>". Otherwise the system runs normally as far as I can tell. No impairment of the Internet connection, normal speed, etc.

I ran a full system scan with Avira, and apart from that file nothing was found. Malwarebytes and TDSSKiller show no findings either.

How can I remove the file(s) without damaging the system? Or is a reinstall the only thing that helps here?

Thanks in advance for your help!

Here is the defogger log file:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:52 on 09/09/2012 (XXXXXX)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 09.09.2012 13:52:43 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = D:\Eigene Dateien\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free 7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe PRC - [2012.08.08 18:57:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- P:\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- P:\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- P:\Spybot - Search & Destroy\SDWinSec.exe PRC - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe ========== Modules (No Company Name) ========== MOD - [2011.03.18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe MOD - [2010.05.06 04:24:44 | 000,151,584 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2010.05.06 04:24:42 | 000,609,312 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.08.15 18:51:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.18 14:51:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.08 18:53:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:53:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- P:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- P:\Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 20:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.10.02 23:06:20 | 004,065,280 | ---- | M] (ANSYS, Inc.) 
[Disabled | Stopped] -- C:\Programme\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe -- (ANSYS, Inc. License Manager) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.09.06 23:11:16 | 000,035,840 | ---- | M] (Dassault Systemes) [Auto | Running] -- P:\CATIAV5R16\intel_a\code\bin\CATSysDemon.exe -- (BBDemon) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 18:53:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 18:53:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.17 13:22:59 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.26 15:21:05 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.12 
10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.08 12:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV - [2011.01.28 14:04:50 | 000,008,198 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=1157&systemid=1&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5910&r=17360111c106pe465v145w46m1u190 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: P:\OFFICE~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: P:\OFFICE~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: P:\Mozilla Thunderbird\components [2011.07.28 12:08:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: P:\Firefox\components [2012.09.08 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: P:\Firefox\plugins [2012.07.27 19:12:52 | 000,000,000 | ---D | M] [2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions [2011.01.28 15:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.08 23:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions [2012.07.08 23:40:44 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2011.02.25 20:47:44 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 18:13:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\lpsg56fv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} O1 HOSTS File: ([2012.07.19 19:54:39 | 000,443,619 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - 
Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15236 more lines... O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\BROWSE~1.DLL (iMesh, Inc) O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office2010\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL (iMesh, Inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] P:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] P:\Office2010\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - P:\Office2010\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - P:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office2010\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - P:\ICQ7.4\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM 
Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell - "" = AutoRun O33 - MountPoints2\{0574a7ed-2c4a-11e0-80b6-4487fc9fa8fa}\Shell\AutoRun\command - "" = R:\LaunchU3.exe -a O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell - "" = AutoRun O33 - MountPoints2\{4a86b261-e11f-11e0-acb9-4487fc9fa8fa}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.09 13:43:20 | 000,599,552 | ---- | C] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe [2012.09.07 20:44:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXX\AppData\Roaming\Malwarebytes [2012.09.07 20:44:01 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.07 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.07 20:43:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.24 13:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\371DA [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.09 13:52:04 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXX\defogger_reenable [2012.09.09 13:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.09 13:43:21 | 000,599,552 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Desktop\OTL.exe [2012.09.09 13:43:14 | 000,050,477 | ---- | M] () -- D:\Eigene Dateien\Desktop\Defogger.exe [2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 12:46:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 12:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.09 12:39:00 | 3214,204,928 | -HS- | M] () -- C:\hiberfil.sys [2012.09.09 12:03:13 | 027,896,540 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.09 12:03:13 | 008,747,562 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.09 12:03:13 | 008,739,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.09 12:03:13 | 007,872,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.09 12:03:13 | 000,005,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.21 10:59:26 | 000,000,125 | ---- | M] () -- C:\Windows\wininit.ini [2012.08.16 10:04:26 | 000,435,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\SysNative\drivers\*.tmp files 
-> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.09 13:52:04 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\defogger_reenable [2012.09.09 13:43:13 | 000,050,477 | ---- | C] () -- D:\Eigene Dateien\Desktop\Defogger.exe [2012.08.21 10:59:26 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini [2012.06.28 18:23:54 | 000,004,608 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.12 21:41:27 | 000,004,614 | ---- | C] () -- C:\Users\XXXXXX\.recently-used.xbel [2011.09.01 20:15:01 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI [2011.07.22 19:19:26 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{99DCA071-82B5-48A8-B14B-7D2818AC516C} [2011.05.31 09:48:35 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.16 19:35:30 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\{B876362B-0F51-4B85-A0D3-7DAF1E0E015A} [2011.04.14 20:39:35 | 000,851,968 | ---- | C] () -- C:\Users\XXXXXX\file.rth [2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.full [2011.04.14 20:39:35 | 000,393,216 | ---- | C] () -- C:\Users\XXXXXX\file.esav [2011.04.14 20:39:35 | 000,001,710 | ---- | C] () -- C:\Users\XXXXXX\file.BCS [2011.04.14 20:39:35 | 000,000,151 | ---- | C] () -- C:\Users\XXXXXX\file.stat [2011.04.14 20:05:47 | 000,003,917 | ---- | C] () -- C:\Users\XXXXXX\file.err [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.26 10:29:55 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.28 13:09:16 | 000,007,599 | ---- | C] () -- C:\Users\XXXXXX\AppData\Local\Resmon.ResmonCfg [2011.01.27 21:11:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.12 14:08:18 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2011.04.15 14:02:54 | 000,000,000 | ---D | M] -- 
C:\Users\XXXXXX\AppData\Roaming\anshelp [2011.05.14 16:07:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansoft [2011.04.23 20:25:23 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Ansys [2011.02.13 18:48:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Canon [2011.02.04 19:03:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DAEMON Tools Lite [2011.01.28 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DassaultSystemes [2011.11.11 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Dev-Cpp [2012.07.30 18:51:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoft [2011.02.25 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.12 21:41:27 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\gtk-2.0 [2011.01.28 12:51:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Helios [2012.05.05 11:24:47 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICAClient [2012.02.25 20:31:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\ICQ [2011.09.10 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Lionhead Studios [2011.01.26 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\OEM [2012.07.08 16:59:40 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\SoftGrid Client [2011.07.28 18:55:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Sony [2011.01.28 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\T-Online [2011.01.28 15:38:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\Thunderbird [2011.02.26 15:24:44 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TrueCrypt [2012.07.12 18:33:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\TuneUp Software [2011.03.02 21:17:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXX\AppData\Roaming\XnView [2012.08.18 
18:10:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DED17083 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > Code:
OTL Extras logfile created on: 09.09.2012 13:52:43 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = D:\Eigene Dateien\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free 7,98 Gb Paging File | 6,37 Gb Available in Paging File | 79,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,44 Gb Total Space | 12,42 Gb Free Space | 21,25% Space Free | Partition Type: NTFS Drive D: | 78,73 Gb Total Space | 9,83 Gb Free Space | 12,49% Space Free | Partition Type: NTFS Drive K: | 29,30 Gb Total Space | 27,92 Gb Free Space | 95,28% Space Free | Partition Type: NTFS Drive L: | 39,06 Gb Total Space | 35,54 Gb Free Space | 90,98% Space Free | Partition Type: NTFS Drive M: | 73,24 Gb Total Space | 64,17 Gb Free Space | 87,61% Space Free | Partition Type: NTFS Drive N: | 73,24 Gb Total Space | 37,69 Gb Free Space | 51,46% Space Free | Partition Type: NTFS Drive P: | 97,66 Gb Total Space | 32,21 Gb Free Space | 32,98% Space Free | Partition Type: NTFS Computer Name: NONAME | User Name: XXXXXX | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- P:\Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "P:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "P:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- P:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14D94DE7-CBCB-45DF-AAF6-56C7C8D910F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1EA5C95D-A017-407A-9F1D-BE57A8576825}" = lport=445 | protocol=6 | dir=in | app=system | "{200CBCE1-74D7-4FF3-9857-3045D10CF6FC}" = rport=445 | protocol=6 | dir=out | app=system | "{27766360-B01C-4F49-9BA5-532C24030F76}" = lport=137 | protocol=17 | dir=in | app=system | "{31D9B472-219E-4A2D-ADBA-F1632F85B4D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5021F107-6F92-466C-9401-682A2EDAB3F2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{540EC77C-275E-4939-B2CF-64E295447349}" = lport=6004 | protocol=17 | dir=in | app=p:\office2010\office14\outlook.exe | "{55C24B1D-A0C1-4593-AC83-91C04E76EF23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{56703A41-8E90-42AA-AD3E-582FED0E03B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6E49A759-667E-41E0-A0FF-E2E5FF6861A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{881328EF-78EE-42DF-86CE-E219D34A876C}" = lport=139 | protocol=6 | dir=in | app=system | "{A7236A31-919A-4AE6-A9F5-0BAD3CC7A794}" = rport=139 | protocol=6 | dir=out | app=system | "{C1097B2D-BC0D-4483-AFB6-8B12297293DF}" = rport=137 | protocol=17 | dir=out | app=system | "{E0543C28-7D2E-4083-B9F7-6F7E0E611C3E}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA3B4518-F05C-428E-ADA0-EE1E129AFC08}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03618570-ABA6-44F0-B42B-4C94A77DEFF4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | "{0EDB7E15-F2B0-4159-A5F1-B15CC5FB3972}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{12C93B20-D4A7-40CF-A10B-6197FC1E7274}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{134C9A17-3CB4-4AA1-A3F6-686377FFBFDB}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | "{1C3B1DCB-DC9B-416A-AEFE-6E6401F6D2AD}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{1D8AABEC-5B7B-4394-931F-309CBA25F601}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1E6699E2-CB6B-4A96-BFA9-F08E4EFC67DC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{268E0A85-6EC3-4EFB-B939-777349CB6284}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | "{28C94C6D-1BCC-4855-AF89-0B569130F6A4}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{2E98B05E-CFAE-44BF-93EA-96C8EF8228BB}" = protocol=6 | dir=in | app=p:\steam\steam.exe | "{3393C40E-009D-4D79-83D1-A4543766E09D}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe | "{39ED290E-1769-4753-AA5C-DB9DC7A11A2F}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | "{40028AFD-06B2-4DF4-A2A4-E4B04BBB2933}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{45ADB3D3-FB0B-4674-B790-772E3794B0AC}" = protocol=17 | dir=in | app=p:\office2010\office14\groove.exe | "{47227717-D7B1-43EE-BCE3-0CF472BF192C}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{52D030A3-B58E-46CF-BD1E-BF084A596753}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{5326CB67-3784-4E24-A93F-9B21EEFCD10F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | "{54580285-26ED-4997-B799-1F4228EFBCB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{642E6FF3-E0F0-4D45-BDBA-23C76725AA22}" = protocol=6 | dir=in | app=p:\steam\steam.exe | "{64628816-6CF4-44C3-A1AD-902C3F13CADC}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe | "{6F802B5A-24B1-49F1-8481-A241D6CDDDDB}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe | "{701A2416-1003-4DDD-8A23-1B6458918CF1}" = protocol=17 | dir=in | app=p:\steam\steam.exe | "{722EEC6F-8BAF-4580-B5BB-BC3ADB390402}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | "{7234945D-DC46-4D29-B8D5-45707E9CF099}" = protocol=6 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe | "{748FCD31-4267-44E5-B6A8-43DCC55D3CCC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7C23AE58-45C1-41E2-B1A8-F5A18A9D049D}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\ansoftrsmservice.exe | "{7FFFF2EF-4399-498B-B65B-46A3DD717250}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{8432F022-5538-445A-B825-FCA713008581}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{890C6BEE-2335-4F7F-AB7D-FE04F9F91AA6}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | "{89FE2993-E60A-40D6-A6E2-A7BBE1DB6953}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | "{8ABE7E11-70F7-4FDB-B8A8-ABCFF9EE648C}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe | "{8CD3FF64-9B1B-4E06-B31C-F099977216CE}" = protocol=6 | dir=in | app=p:\office2010\office14\groove.exe | "{8F34E0B0-769A-40CE-BE1C-5393438CB803}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{92EE3E74-262F-4768-AB8C-E60BD41CDF78}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\desktopproxy.exe | "{9C760A76-61E6-4A81-8085-054A8690F111}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe | "{A517C298-E844-43DF-99FB-76DDA43745F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A5C9C988-3C60-4C6E-A07C-8C841BE330AB}" = protocol=17 | dir=in | app=p:\office2010\office14\onenote.exe | "{A76FD036-3398-460B-8F0B-81169123082A}" = protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{A9DD0E57-33C0-4616-B330-C385819E4314}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | "{AD63BA9D-D561-4F8D-9D02-F9167AAC1787}" = protocol=6 | dir=in | app=p:\microsoft office\office12\onenote.exe | "{AFC4A08A-F4D6-4DF7-885E-E8C0F52A9CA1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{B43563B9-D7AF-4C3D-A452-4A4C2364E4AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C3960EE0-71ED-45FA-B32E-37C874CD3F90}" 
= protocol=17 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{C91B15F4-992C-4620-923C-82CC22DA165F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{CCADCABC-BE30-4394-B968-5D476B11246A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\desktopproxy.exe | "{D09A1AEA-B570-4C53-AF34-47D783088AE3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | "{D20DF90A-D031-40FC-B0FF-F7530E193870}" = protocol=17 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe | "{D2BDCF9A-2309-4615-BDFE-4F1C3A809F43}" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\ansoftrsmservice.exe | "{D493ED47-4E5C-424D-8EF9-B447B6E4629E}" = protocol=17 | dir=in | app=p:\steam\steamapps\common\risen 2\system\risen2.exe | "{DC2728A1-FC7B-42C0-B44F-065C5E3DB0CD}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{E6A01AB2-B76E-4F0B-A1BF-90AED7EA32D7}" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\desktopproxy.exe | "{E6E77709-B702-4E7E-901C-7752B2326818}" = protocol=6 | dir=in | app=p:\office2010\office14\onenote.exe | "{E73366B5-DA52-43B3-85B9-9D674CC4698A}" = protocol=6 | dir=in | app=p:\ansoft\maxwell13\maxwell13\maxwell.exe | "{E944C041-61FE-497F-8B90-8E90EB5D2CFD}" = protocol=17 | dir=in | app=p:\microsoft office\office12\onenote.exe | "{EA9E08F9-17E4-4AF5-9EB6-D7E7617FE806}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "{F2A40DB3-0D47-4D3D-8BA2-178D23E17BC8}" = protocol=6 | dir=in | app=p:\icq7.4\icq7.5\icq.exe | "{F5A5358E-42B0-453D-8FF7-6F84EB004869}" = protocol=17 | dir=in | app=p:\steam\steam.exe | "{F5CED08F-D11F-43D9-AD9C-3F5ADBC6FB15}" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe | "{F91E72DD-7DD7-4933-9B18-92C66625B9C7}" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\ansoftrsmservice.exe | "TCP Query 
User{07E5B3D2-D168-41D9-97CB-4CCA1B8A783F}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | "TCP Query User{1BBAEA4D-36D0-4DEC-9F08-0562AD77859B}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe | "TCP Query User{43806F10-EF3B-4366-B117-B133A8B24C50}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=6 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe | "TCP Query User{465977BF-2CE1-4728-BF06-31B6561058A6}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe | "TCP Query User{490FBB73-26E1-4AA3-BB49-FC122B79C95A}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=6 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe | "TCP Query User{65E73695-61BA-41B1-A719-FED8A52B9607}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe | "TCP Query User{67332BA4-C303-43C7-A7FA-A1012F1FF55A}P:\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=p:\videolan\vlc\vlc.exe | "TCP Query User{7EC2B4D5-EE55-4573-BA83-BD81941BB205}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=6 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | "TCP Query User{A2D7CACA-D9EB-436A-BB0F-94ACF601CA9E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe | "TCP Query User{DBCEB2E2-4146-4B81-A0C6-D5A39465B684}P:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=6 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe | "TCP Query User{FC659AC0-F6D7-4A9F-A908-C95EEE411AB5}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "UDP Query User{07DAB663-6D3E-43AC-B544-E28B955293E1}P:\ansys 
inc\v121\aisol\bin\winx64\ansyswbu.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\aisol\bin\winx64\ansyswbu.exe | "UDP Query User{16B20AD3-D7FF-4757-897E-A53B4BE4D38E}P:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\jre\winx64\bin\java.exe | "UDP Query User{1A5F9F4E-C674-4007-8383-822D12C5C915}P:\catiav5r16\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=p:\catiav5r16\intel_a\code\bin\cnext.exe | "UDP Query User{2704E31F-376B-4228-AFA2-F04EBD69B765}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | "UDP Query User{4EEFB4E3-73E3-41D8-A274-418E32C77519}P:\ansoft\maxwell14.0\maxcir.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxcir.exe | "UDP Query User{5AD3CB4A-2109-4F52-AA9F-E30200F9926D}P:\ansoft\maxwell14.0\maxwell.exe" = protocol=17 | dir=in | app=p:\ansoft\maxwell14.0\maxwell.exe | "UDP Query User{75C941F0-850E-40BD-9765-DFE4CB7E86E5}P:\ansys inc\shared files\licensing\winx64\ansysli_client.exe" = protocol=17 | dir=in | app=p:\ansys inc\shared files\licensing\winx64\ansysli_client.exe | "UDP Query User{B81708C4-A7D8-4094-A705-5D86001B628C}P:\ansoft\simplorer9.0\simplorer.exe" = protocol=17 | dir=in | app=p:\ansoft\simplorer9.0\simplorer.exe | "UDP Query User{C92ED6E7-A827-4723-9F42-05005C5D7E20}P:\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=p:\videolan\vlc\vlc.exe | "UDP Query User{E3BD8EE2-A9A4-4943-B4A4-6BE2DFD5DA5C}P:\ansys inc\v121\framework\bin\win64\ansysfww.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\framework\bin\win64\ansysfww.exe | "UDP Query User{F12DEC18-59A0-41DB-A32A-C2FFD684C4AB}P:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=p:\ansys inc\v121\commonfiles\tcl\bin\winx64\wish.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual 
C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Dassault Systemes B16_0" = Dassault Systemes Software B16 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0242111E-DC9B-4054-B3C6-396FCE82342A}" = PExprt v7.0 "{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web) "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC 
Help Czech "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish "{46710AEB-ACE9-4386-9DFB-8B65153BFA74}" = REALTEK Wireless LAN Driver "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard "{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional "{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV 
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese "{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek "{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX) "{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All "{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation "{8f9d5e25-6d54-4b98-a0fd-c0e10f922788}" = Nero 9 Essentials "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 
2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft 
Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista "{95140000-0070-0000-0000-0000000FF1CE}" = 
Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2CCE56E-8BE5-4179-A816-F536697434E6}" = Ansoft Simplorer v9.0 "{A8097381-76F0-44C3-98F3-BA71CC866A96}" = Ansoft Maxwell 14.0.1 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French "{C5A177BB-C3D8-4395-A088-31A69837A648}" = Ansoft Maxwell 13.0 "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide 
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static "{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArcaniA" = ArcaniA - Gothic 4 "Avira AntiVir Desktop" = Avira Free Antivirus "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "DAEMON Tools Lite" = DAEMON Tools Lite "DCTnet" = DCTnet (remove only) 
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Flash Decompiler Trillix_is1" = Flash Decompiler Trillix "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.15.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Gourmet Recipe Manager" = Gourmet (nur entfernen) "Gtk+ Runtime Environment" = Gtk+ Runtime Environment 2.12.9-2 "HaaliMkx" = Haali Media Splitter "Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy) "Hotkey Utility" = Hotkey Utility "Identity Card" = Identity Card "iMesh" = iMesh "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "pdfsam" = pdfsam "PowerISO" = PowerISO "SDR2" = Schlag den Raab - Das 2. 
Spiel
"SkyTest® FQ-Trainingssoftware_is1" = SkyTest® FQ-Trainingssoftware 2.0
"Steam App 40390" = Risen 2 - Dark Waters
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite_Wave3" = Windows Live Essentials
"XnView_is1" = XnView 1.97.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.09.2012 04:56:19 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 08.09.2012 05:01:17 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LogonUI.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79f70 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x13a4 Startzeit der fehlerhaften Anwendung: 0x01cd8da0805d8b07 Pfad der fehlerhaften Anwendung: C:\Windows\system32\LogonUI.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: bf3da100-f993-11e1-9fc4-4487fc9fa8fa

Error - 08.09.2012 12:09:49 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmiprvse.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d42 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xe58 Startzeit der fehlerhaften Anwendung: 0x01cd8ddc5cbabfe7 Pfad der fehlerhaften Anwendung: C:\Windows\system32\wbem\wmiprvse.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 9cff6ab3-f9cf-11e1-8101-4487fc9fa8fa

Error - 08.09.2012 13:09:00 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: consent.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79e79 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xfec Startzeit der fehlerhaften Anwendung: 0x01cd8de4a0fe7af2 Pfad der fehlerhaften Anwendung: C:\Windows\system32\consent.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e1b5e4b9-f9d7-11e1-9bff-4487fc9fa8fa

Error - 08.09.2012 14:33:14 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sdclt.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79920 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x640 Startzeit der fehlerhaften Anwendung: 0x01cd8df06696316d Pfad der fehlerhaften Anwendung: C:\Windows\system32\sdclt.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: a5d33012-f9e3-11e1-8a86-4487fc9fa8fa

Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error - 09.09.2012 06:03:10 | Computer Name = NoName | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error - 09.09.2012 06:39:25 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLIDSvcM.exe, Version: 6.500.3165.0, Zeitstempel: 0x4a8b055b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xa18 Startzeit der fehlerhaften Anwendung: 0x01cd8e775e782315 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 9f6cf3b6-fa6a-11e1-ac55-4487fc9fa8fa

Error - 09.09.2012 07:12:07 | Computer Name = NoName | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x108c Startzeit der fehlerhaften Anwendung: 0x01cd8e7bf2b2a29e Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3104a4ee-fa6f-11e1-ac55-4487fc9fa8fa

[ Media Center Events ]
Error - 03.05.2011 05:51:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:51:58 - Fehler beim Herstellen der Internetverbindung. 11:51:58 - Serververbindung konnte nicht hergestellt werden..

Error - 03.05.2011 05:52:14 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 11:52:03 - Fehler beim Herstellen der Internetverbindung. 11:52:03 - Serververbindung konnte nicht hergestellt werden..

Error - 03.05.2011 11:05:04 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:04 - Fehler beim Herstellen der Internetverbindung. 17:05:04 - Serververbindung konnte nicht hergestellt werden..

Error - 03.05.2011 11:05:15 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 17:05:09 - Fehler beim Herstellen der Internetverbindung. 17:05:09 - Serververbindung konnte nicht hergestellt werden..

Error - 06.05.2011 06:30:29 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:29 - Fehler beim Herstellen der Internetverbindung. 12:30:29 - Serververbindung konnte nicht hergestellt werden..

Error - 06.05.2011 06:30:39 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 12:30:34 - Fehler beim Herstellen der Internetverbindung. 12:30:34 - Serververbindung konnte nicht hergestellt werden..

Error - 12.05.2011 07:10:31 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:30 - Fehler beim Herstellen der Internetverbindung. 13:10:31 - Serververbindung konnte nicht hergestellt werden..

Error - 12.05.2011 07:10:40 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 13:10:36 - Fehler beim Herstellen der Internetverbindung. 13:10:36 - Serververbindung konnte nicht hergestellt werden..

Error - 17.05.2011 10:28:58 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:28:58 - Fehler beim Herstellen der Internetverbindung. 16:28:58 - Serververbindung konnte nicht hergestellt werden..

Error - 17.05.2011 10:29:08 | Computer Name = NoName | Source = MCUpdate | ID = 0
Description = 16:29:03 - Fehler beim Herstellen der Internetverbindung. 16:29:03 - Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 10.03.2011 13:45:53 | Computer Name = NoName | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 199 seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22.08.2012 07:20:42 | Computer Name = NoName | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 24.08.2012 16:41:48 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?08.?2012 um 22:40:18 unerwartet heruntergefahren.

Error - 25.08.2012 14:36:58 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =

Error - 29.08.2012 08:21:34 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 02.09.2012 04:59:26 | Computer Name = NoName | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 04.09.2012 10:24:04 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =

Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD External Events Utility erreicht.

Error - 08.09.2012 14:13:12 | Computer Name = NoName | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 08.09.2012 14:25:18 | Computer Name = NoName | Source = DCOM | ID = 10010
Description =

Error - 08.09.2012 14:28:06 | Computer Name = NoName | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?09.?2012 um 20:27:12 unerwartet heruntergefahren.

< End of report > |