
Log analysis and evaluation: "C:\Windows\System32\cmd.exe" is executed at system startup


 
16.12.2012, 18:02   #1
Gepetto



Hello,

I have already used the forum search for my problem and found several threads that describe my symptoms. In keeping with the 7 Golden Rules, however, I decided not to follow the fixes listed there, since some of them concerned 32-bit systems and other prerequisites.
For some time now my laptop has been getting slower and slower. At first I put that down to increasing dirt and too much used disk space, but neither an external nor a digital "cleaning" helped. Then I noticed that, as described in the subject line, "C:\Windows\System32\cmd.exe" is executed at system startup (side question: is that the console?). Unfortunately it happens so quickly that I could neither read what exactly is being executed there nor press the screenshot key.
Unfortunately I am not familiar with viruses, trojans and malware, so I would like to ask you to take a look at my OTL and Extras logs:

OTL logfile created on: 16.12.2012 17:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NAME_GEÄNDERT\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,87 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 77,66% Memory free
15,73 Gb Paging File | 13,80 Gb Available in Paging File | 87,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,16 Gb Total Space | 51,06 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Drive D: | 3,69 Gb Total Space | 2,84 Gb Free Space | 77,06% Space Free | Partition Type: FAT32

Computer Name: NAME_GEÄNDERT | User Name: NAME_GEÄNDERT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.16 17:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe
PRC - [2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe
PRC - [2012.08.09 11:27:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.14 13:43:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 13:43:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.14 13:43:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.14 13:43:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 13:43:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.17 16:29:06 | 002,245,632 | ---- | M] () -- C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
PRC - [2010.06.25 09:08:30 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
PRC - [2009.09.05 09:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
PRC - [2009.09.05 09:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.08.07 13:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe
MOD - [2011.01.17 16:29:06 | 002,245,632 | ---- | M] () -- C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.06.25 09:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.05.27 05:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.09 01:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010.02.26 18:58:06 | 000,783,392 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.12.13 12:30:41 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.14 13:43:37 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 13:43:36 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFireWallService)
SRV - [2012.05.14 13:43:36 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 13:43:36 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 13:43:36 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.24 01:01:27 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.05 09:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.08.07 13:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.07 13:47:55 | 000,140,936 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2012.11.07 13:47:55 | 000,114,168 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 13:43:37 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 13:43:37 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.05.09 22:05:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.12.07 14:12:19 | 000,036,400 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.15 08:26:34 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\trustms.sys -- (trustms)
DRV:64bit: - [2010.06.25 18:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.25 18:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.25 18:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.25 18:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.25 18:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 05:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.25 00:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.23 03:25:22 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.09.22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009.09.21 03:20:48 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.09.03 11:15:26 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.07 13:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.07 08:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.05.19 14:59:00 | 000,014,848 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008.04.24 11:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2007.04.25 11:50:04 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2007.02.16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ALone-live%40ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B87eab3b7-a707-4459-99ae-c2fa06cfa36b%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.19 14:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.19 14:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 00:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.08 00:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.02 12:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.02.24 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Extensions
[2011.02.24 21:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.13 13:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions
[2012.08.05 11:03:26 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions\ALone-live@ya.ru
[2012.09.16 13:23:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\Firefox\Profiles\c050l76i.default\extensions\ich@maltegoetz.de
[2012.12.13 13:05:41 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\extensions\firebug@software.joehewitt.com.xpi
[2012.12.11 22:27:27 | 000,011,097 | ---- | M] () (No name found) -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\extensions\{87eab3b7-a707-4459-99ae-c2fa06cfa36b}.xpi
[2011.12.19 15:25:26 | 000,000,933 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\11-suche.xml
[2011.12.19 15:25:26 | 000,002,419 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 15:25:26 | 000,010,525 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\gmx-suche.xml
[2011.04.25 08:54:12 | 000,003,312 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\kinoto.xml
[2011.12.19 15:25:26 | 000,002,457 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\lastminute.xml
[2011.12.19 15:25:26 | 000,005,508 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\webde-suche.xml
[2011.04.03 13:16:21 | 000,001,328 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\wikipedia-de.xml
[2011.11.20 22:34:31 | 000,002,168 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\mozilla\firefox\profiles\c050l76i.default\searchplugins\youtube-videosuche.xml
[2012.12.08 00:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.08 00:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.08 00:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\{87EAB3B7-A707-4459-99AE-C2FA06CFA36B}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\ALONE-LIVE@YA.RU
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C050L76I.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE
[2012.12.08 00:03:14 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 21:43:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 14:04:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 21:43:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 21:43:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 21:43:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 21:43:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.01 14:46:27 | 000,001,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Trust Gaming Mouse] C:\Program Files (x86)\Trust Gaming Mouse\Mouse.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\NAME_GEÄNDERT\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\NAME_GEÄNDERT\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3FF725-A739-4FC4-8EFB-A011845BBEA2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.12.24 20:48:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{ad0f8237-fc73-11e0-b8b3-18f46abbc8bd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0f8237-fc73-11e0-b8b3-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{ad0f823d-fc73-11e0-b8b3-18f46abbc8bd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0f823d-fc73-11e0-b8b3-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c6d86f2b-2eda-11e0-b5e1-18f46abbc8bd}\Shell - "" = AutoRun
O33 - MountPoints2\{c6d86f2b-2eda-11e0-b5e1-18f46abbc8bd}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e0240958-78e8-11e1-b867-1c750840180a}\Shell - "" = AutoRun
O33 - MountPoints2\{e0240958-78e8-11e1-b867-1c750840180a}\Shell\AutoRun\command - "" = D:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.16 17:27:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe
[2012.12.16 17:04:29 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\NAME_GEÄNDERT\Desktop\HijackThis.exe
[2012.12.14 17:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.14 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Google
[2012.12.14 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\Desktop\two door cinema club
[2012.12.13 19:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metro 2033
[2012.12.13 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz
[2012.12.13 12:09:44 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012.12.08 00:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.02 23:01:53 | 004,702,459 | ---- | C] (FileZilla Project) -- C:\Users\NAME_GEÄNDERT\Desktop\FileZilla_3.6.0.2_win32-setup.exe
[2012.12.02 22:22:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.02 22:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.02 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.02 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Apple Computer
[2012.12.02 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2012.12.02 12:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.02 12:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.12.02 12:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.02 12:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.02 12:42:19 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Apple
[2012.12.02 12:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.12.02 12:03:13 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Macromedia
[2012.11.30 15:09:05 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\EgisTec IPS
[2012.11.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.11.29 20:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.11.29 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.11.29 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.11.29 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.11.29 20:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.11.29 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.11.29 20:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.11.20 21:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2012.11.20 21:31:52 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Audacity
[2012.11.20 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.11.20 21:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2012.11.20 21:21:40 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TuneUp Software
[2012.11.20 21:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.20 21:21:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.20 21:21:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.20 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2012.11.20 20:01:24 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Local\Spotify
[2012.11.20 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\NAME_GEÄNDERT\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\NAME_GEÄNDERT\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\NAME_GEÄNDERT\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\NAME_GEÄNDERT\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.12.16 17:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347292157-3042307878-621166202-1000UA.job
[2012.12.16 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.16 17:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NAME_GEÄNDERT\Desktop\OTL.exe
[2012.12.16 17:26:25 | 000,000,000 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\defogger_reenable
[2012.12.16 17:25:32 | 000,050,477 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe
[2012.12.16 17:21:22 | 000,312,506 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.jpg
[2012.12.16 17:21:22 | 000,014,516 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\recently-used.xbel
[2012.12.16 17:21:13 | 000,654,611 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.png
[2012.12.16 17:20:07 | 006,221,923 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.xcf
[2012.12.16 17:08:38 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.16 17:08:38 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.16 17:08:38 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.16 17:08:38 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.16 17:08:38 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.16 17:06:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 17:06:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.16 17:04:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\NAME_GEÄNDERT\Desktop\HijackThis.exe
[2012.12.16 16:58:47 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.16 16:57:28 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.12.16 16:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.16 16:57:01 | 2039,566,335 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.14 18:35:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.14 16:53:22 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.12.14 14:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2347292157-3042307878-621166202-1000Core.job
[2012.12.13 19:08:05 | 000,000,221 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Metro 2033.url
[2012.12.13 18:48:59 | 074,331,423 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\metro2033.exe
[2012.12.13 18:20:59 | 000,000,287 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\VersionChecker_17.xml
[2012.12.13 17:47:28 | 008,196,545 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Tatorte_Städtebau_M14_ws_12_13.pdf
[2012.12.13 16:46:01 | 000,468,797 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz .zip
[2012.12.13 16:45:49 | 000,038,277 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\121217_4.2.Ue9.pdf
[2012.12.13 12:13:04 | 005,200,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.11 23:21:21 | 000,039,204 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_10.pdf
[2012.12.11 22:42:14 | 000,007,597 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\Resmon.ResmonCfg
[2012.12.11 20:20:44 | 000,225,402 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\spbg.png
[2012.12.11 19:13:20 | 000,040,975 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\6155157840.jpg
[2012.12.07 20:02:02 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2012.12.07 20:00:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012.12.07 19:34:13 | 000,026,193 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\98804719.png
[2012.12.03 22:52:55 | 000,073,613 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_03.pdf
[2012.12.02 23:02:13 | 004,702,459 | ---- | M] (FileZilla Project) -- C:\Users\NAME_GEÄNDERT\Desktop\FileZilla_3.6.0.2_win32-setup.exe
[2012.12.02 22:53:52 | 000,207,131 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\sockel.skp
[2012.12.02 21:51:04 | 000,197,820 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skp
[2012.12.02 20:56:33 | 000,165,717 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skb
[2012.12.02 19:42:27 | 000,141,982 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\Sockelgroß.pdf
[2012.12.02 17:18:23 | 000,065,216 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\Desktop\fertig1.pdf
[2012.11.29 20:55:42 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.21 20:14:51 | 000,001,482 | ---- | M] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\RecConfig.xml

========== Files Created - No Company Name ==========

[2012.12.16 17:26:25 | 000,000,000 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\defogger_reenable
[2012.12.16 17:25:32 | 000,050,477 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Defogger.exe
[2012.12.16 17:21:22 | 000,312,506 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.jpg
[2012.12.16 17:21:22 | 000,014,516 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\recently-used.xbel
[2012.12.16 17:21:12 | 000,654,611 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.png
[2012.12.16 17:20:07 | 006,221,923 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\le fantastique.xcf
[2012.12.13 19:08:05 | 000,000,221 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Metro 2033.url
[2012.12.13 18:47:18 | 074,331,423 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\metro2033.exe
[2012.12.13 17:47:06 | 008,196,545 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Tatorte_Städtebau_M14_ws_12_13.pdf
[2012.12.13 16:46:01 | 000,468,797 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Aufgabe Mu nkershu ttenplatz .zip
[2012.12.13 16:45:48 | 000,038,277 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\121217_4.2.Ue9.pdf
[2012.12.13 12:01:45 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.12.13 12:01:45 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.12.13 12:01:42 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.12.13 12:01:40 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012.12.13 12:01:37 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.12.11 23:21:20 | 000,039,204 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_10.pdf
[2012.12.11 20:20:43 | 000,225,402 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\spbg.png
[2012.12.11 19:12:54 | 000,040,975 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\6155157840.jpg
[2012.12.07 19:34:12 | 000,026,193 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\98804719.png
[2012.12.03 22:52:54 | 000,073,613 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Protokoll_12_12_03.pdf
[2012.12.02 22:53:49 | 000,207,131 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\sockel.skp
[2012.12.02 21:04:22 | 000,165,717 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skb
[2012.12.02 20:56:11 | 000,197,820 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fassade.skp
[2012.12.02 19:42:27 | 000,141,982 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\Sockelgroß.pdf
[2012.12.02 17:18:22 | 000,065,216 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\Desktop\fertig1.pdf
[2012.12.02 12:42:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.20 21:31:35 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.11.20 21:01:20 | 000,001,482 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\RecConfig.xml
[2012.11.20 20:01:24 | 000,001,800 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.11.12 00:40:30 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012.07.12 15:16:55 | 000,000,397 | ---- | C] () -- C:\Windows\barcode.ini
[2012.05.09 19:12:01 | 000,000,287 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\VersionChecker_17.xml
[2012.04.03 16:58:49 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.03.28 16:19:42 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012.03.27 11:16:34 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.01 17:17:00 | 000,000,507 | ---- | C] () -- C:\Windows\FanControl.INI
[2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.11.29 15:15:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.11.29 15:14:56 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.11.29 15:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.11.29 15:13:12 | 000,022,898 | ---- | C] () -- C:\Windows\HL-3040CN.INI
[2011.11.29 15:12:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.11.29 15:12:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.11.29 15:12:43 | 000,000,402 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.11.27 23:31:34 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.11.19 18:41:36 | 000,007,597 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\Resmon.ResmonCfg
[2011.08.09 15:12:02 | 001,197,521 | ---- | C] () -- C:\Windows\unins000.exe
[2011.08.09 15:12:01 | 000,018,104 | ---- | C] () -- C:\Windows\unins000.dat
[2011.03.25 13:50:13 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI
[2011.03.25 13:33:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Horn Section
[2011.03.25 13:33:42 | 000,000,268 | RH-- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Helper Scripts
[2011.03.25 13:33:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.03.25 13:33:42 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Image Manipulation
[2011.03.25 13:31:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Home
[2011.03.25 13:31:20 | 000,000,268 | RH-- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Halftone
[2011.03.25 13:31:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.03.25 13:31:20 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Morph
[2011.03.09 23:17:46 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.02 15:34:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.03.02 15:34:37 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.02.27 12:59:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.31 09:58:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011.01.30 12:47:05 | 000,017,408 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\WebpageIcons.db
[2011.01.26 15:35:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.13 10:22:18 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\NAME_GEÄNDERT\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.11.20 22:03:26 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Audacity
[2011.12.24 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Autodesk
[2012.02.21 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Canneverbe Limited
[2012.11.10 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.12.08 21:26:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.04.25 17:32:52 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\DAEMON Tools Lite
[2012.10.17 22:23:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\DVDVideoSoft
[2012.03.02 19:01:06 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Engelmann Media
[2012.12.02 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2012.12.04 00:31:46 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\FileZilla
[2012.12.14 18:38:26 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\foobar2000
[2012.04.25 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\gtk-2.0
[2011.03.21 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\hdbADS
[2011.03.14 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\inkscape
[2011.07.10 19:40:14 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\iWin
[2011.12.25 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\MAGIX
[2012.05.15 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\MAXON
[2012.05.09 19:11:32 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Nemetschek
[2011.03.25 13:44:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Nikon
[2011.04.01 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OCS
[2012.11.20 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OpenCandy
[2011.03.10 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\OpenOffice.org
[2011.04.01 14:44:07 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Opera
[2012.11.09 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Origin
[2012.09.09 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\PunkBuster
[2012.02.02 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Samsung
[2011.09.16 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Scribus
[2012.11.21 18:58:58 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Spotify
[2012.11.11 02:47:42 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.07.21 16:18:36 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Steganos
[2012.03.06 16:17:03 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\STRATO
[2011.02.24 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Thunderbird
[2011.03.09 23:20:09 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TP
[2012.07.22 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TS3Client
[2012.11.20 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\TuneUp Software
[2012.09.05 17:36:12 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Ubisoft
[2011.04.25 13:46:25 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\UHS Reader
[2011.02.02 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\NAME_GEÄNDERT\AppData\Roaming\Vodafone

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 995 bytes -> C:\Program Files\Common Files\System:TH8FOh2G6prmGuxbbM3QvWGsK9
@Alternate Data Stream - 1154 bytes -> C:\ProgramData\Microsoft:bruQxKENphLyzm7o3ywzrgEn
@Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:SgtaQ6U52c0P19fTmWXIQx
@Alternate Data Stream - 1060 bytes -> C:\Program Files\Common Files\System:A3GJ9w1iAfbpdQsMsiSIGQ
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:E50C1642

< End of report >



OTL Extras logfile created on: 16.12.2012 17:29:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NAME_GEÄNDERT\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,87 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 77,66% Memory free
15,73 Gb Paging File | 13,80 Gb Available in Paging File | 87,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,16 Gb Total Space | 51,06 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
Drive D: | 3,69 Gb Total Space | 2,84 Gb Free Space | 77,06% Space Free | Partition Type: FAT32

Computer Name: LAPTOPNAME_GEÄNDERT | User Name: NAME_GEÄNDERT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B2929B-DD48-4D8B-B489-3AE929CCF81C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{055EFC2A-5AB7-40AC-A035-F4E2EB7B1F07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{07795352-32B3-4F37-86CE-C6A17804F977}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07E8261D-1615-459F-AD88-900AE509D22A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11B33799-488E-449E-9A37-BD779E95EEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EED6C85-964E-47B5-A7A4-8A6D3A6A07BF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{223D29A0-72E2-4AC5-B35E-A2420EE645C4}" = lport=52296 | protocol=6 | dir=in | name=akamai netsession interface |
"{2D6D56DA-DB19-4795-A013-5ABA990E5CC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32DF8E43-325E-4217-9EC9-69600F0FDA45}" = rport=138 | protocol=17 | dir=out | app=system |
"{32FDD80C-7FB7-41BF-ADA3-BBF7AFAF627B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33101FF7-477E-4F78-A0FD-3742BE979B0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{339A80B8-3EB4-4A08-AEAD-2200BDA71BCF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36669490-C31E-4607-8BE1-F9DFB11C3DA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A96BED1-2652-4898-ADAE-FC8E4E9058E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F16979C-1622-4628-A96B-D1BA8807619F}" = lport=137 | protocol=17 | dir=in | app=system |
"{4428A35C-3E5B-4D5F-94FA-69D1121CF329}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{456E2D55-3E07-47A0-8876-580AC74C8DE2}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{4CE12E95-441F-4115-B099-BAF0FF6F237F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4DF58AC9-8FD0-4289-BB6C-21D2FB02A0AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{56391731-70CE-40AE-B743-76D9F64C263C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5CAC06BD-C125-4C7B-8C9C-81E28558377F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CD443E7-FDFC-4D24-848E-B4E5EB2D6953}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{66659609-24F5-47B1-8056-56F0D6FD7B37}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{726F3FBF-51BE-4068-B839-61A42B5A005A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7796B5B8-A575-4662-9053-2C4D7874A412}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D74E4E3-4736-45AA-936D-972A6A0FC2E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80B50A6F-3592-4C5D-8B3A-C19943EB5723}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81412B11-0BEF-40AC-AACA-3F0DA04C8D66}" = lport=139 | protocol=6 | dir=in | app=system |
"{82B74C3A-2E8F-4632-B96A-C92F083ABC92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D602881-4EB4-4CF5-B82E-2AADCC838FC9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9973495A-641D-4808-840C-37C43F4348CD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A7701F21-0C0A-4E42-B7C7-6FB79CA0FF77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7F7ACE1-58AF-4562-85F3-B831F85359C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6B63CA1-4EB6-48ED-B66B-45A6593F2E6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{B712F4D3-A550-4325-AB53-4DAEB1AD98F4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BEEB6F8A-A61E-4CB5-9EDC-07813F9E304C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0A85FD6-94AB-4B24-9982-3B49D8DC0B9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0BC0A37-3135-47E6-8AAF-BCD9F59453EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8AFB68E-4DD2-4B4A-BEFC-77C3CA35C5F8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CD31C071-1001-4D0F-978B-5E37D3BA7B65}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D7A8F50D-6F65-4F31-8CF8-026B0FDCD70D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBF45C84-539A-4701-94AA-1DEF4128A2B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DFB289B0-81D6-4662-97E5-B038E7A263F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E21E7D45-012C-4B1A-8291-6BA2F8E205C7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E41537B5-5E77-4FED-8EF7-3149FA0F8798}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F3F1DF78-133F-4DDD-887F-DFE369D852BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F78F8842-E0E6-4817-A67F-8D5C4198F968}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FAD741A4-261F-4311-8695-6DD777F26AE4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E2D5DC-8EAD-47E0-9B35-6E45232572DE}" = protocol=6 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\roaming\spotify\spotify.exe |
"{038D33C8-21B1-47AA-BD8C-A6AE965B509A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{044942C0-2D53-46F4-9193-3DEA68E23D2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0928ED1E-1007-41B9-A6D3-3E8B4B186A93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0BC45127-A752-4278-9C64-8CB62DA44598}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{16046521-D32F-4D3B-9BF0-04A22AC29947}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16E0D004-B974-43FD-A28E-B03FD5AE65C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B6F1261-DE47-4C63-9509-DE1CF15E10DE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E61FDAA-F024-474E-BF0C-F1843579B369}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{20232053-2D11-4D0F-AD25-306DCFC8EA2E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2574234A-77D5-45AC-AC79-6F26B0C851B5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{32C49D4D-67A1-4C6F-BA3E-99105CE192F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C1ED6A4-9AA7-4D1D-B57E-50E2080BE3C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F98ABB9-AC5E-4D26-9A85-3DF76A4D8021}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4752290B-9292-4E16-9160-29A3624DD49C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{48B0A4C5-C087-443E-BDF2-7D6383EB1093}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe |
"{4CC17B0D-1C17-4ED6-A927-979B3CD82837}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4FCBA2BF-2FF5-4A1A-8727-B776BEF5BDF2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{525C611D-620D-4759-A365-70DA350B04D0}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{5BC65FC8-BC63-45E1-A8E7-6E245891979F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{5C6FEE48-5CB1-4327-825A-7B61CE26729A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{64244320-52DB-480D-BCE3-1D14EA319982}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\half-life\hl.exe |
"{675D4AE0-06E2-432B-B872-7FD80A1FDEFA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67A3AA9C-12BE-4533-95F9-781D77BD4EFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe |
"{698F9CAB-9CB7-4BA2-8C55-618DEF9CE714}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe |
"{71D3BB3E-CC36-4EDE-B5E9-DE7634A7A606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C79731C-E9FC-41DF-AC4E-92CA531CCD8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8307803C-D5F3-4E5E-B287-FEEE8A49A655}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{85BB8A48-D6EC-4366-B0E0-135CFECA0EFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89545E90-F481-425B-B9FB-85EB88A97439}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8A50CD82-2C58-4F4E-9F75-801368385EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\half-life\hl.exe |
"{8AF3EAD5-7140-4DBB-BBA8-833A386E654A}" = protocol=17 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\roaming\spotify\spotify.exe |
"{8DCFC738-AE5E-4F2E-AF24-38FD78FBAB62}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{94A67968-82B8-4E69-A5BA-23B2E22F3306}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{998FB0DE-8E94-403A-ACD8-168A5EAAFAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9BD31108-5E6D-4553-AE34-E10CD055646D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A2416981-9640-4617-9F1A-635FFE37D1ED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A4813D14-00A7-474B-9947-6589CB380D8E}" = protocol=6 | dir=out | app=system |
"{A5279394-A57F-48D8-86EA-9B91D9C9EC2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB9ABA5E-D1D4-4423-898E-EB9AF419BCA3}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{B2B43DB8-DBF7-412C-9D9D-0307839E6589}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B49781BF-283E-4D4A-97BA-0B66E802C92C}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B49A0E44-9972-4608-8EFF-0363237606A9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B887FC44-4C17-44DF-9F12-37DBA172289C}" = protocol=6 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\local\akamai\netsession_win.exe |
"{BC242BBB-3CCA-40AB-A908-AD40BF1CF387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{BC932557-3476-4534-855B-A57465268AF1}" = protocol=17 | dir=in | app=c:\users\NAME_GEÄNDERT\appdata\local\akamai\netsession_win.exe |
"{BE490076-51FD-4F58-A66E-998294898344}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF807712-F7F3-44A6-A69E-3CB555AEFA22}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\counter-strike\hl.exe |
"{C31E4F64-113A-4D41-968A-2F9B1305343F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C58ECF92-DA2F-4930-A0AE-A18227352260}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DA9CE098-3D13-4C59-89E3-ABB96D4BD167}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0F0B9AA-FD7A-4DBA-99DA-9EE93A70A0C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E65D324D-40F3-4BF5-AF61-21DC5EBD807D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{ED28922D-94EC-4C6E-A7CF-699E8F444464}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8BC7687-DED3-4BCD-9C14-1C1130A5FABE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F8CBD3FD-BCDC-4D83-8DBD-4A15ED4CA8D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0099AD0F-9655-40AD-82FA-D1A49999BA56}G:\cod4\iw3mp.exe" = protocol=6 | dir=in | app=g:\cod4\iw3mp.exe |
"TCP Query User{31FA47C3-A81C-466E-9BFD-05E006A61C11}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe |
"TCP Query User{37B0D8A2-A673-4E58-9E0D-FEA636226BB3}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe |
"TCP Query User{3CD33B8A-0C99-42B4-BD0C-ACBB8DD1ACD4}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{53E2A662-DB0E-424F-920E-C1BA865D5B69}C:\program files (x86)\lucasarts\grim\grim fandango launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\grim\grim fandango launcher.exe |
"TCP Query User{5593D532-93F7-488A-A084-C75582B82C16}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe |
"TCP Query User{5BDC6BB6-91DD-4F59-9265-6272C7FC8BAE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{723647C4-CF53-4E6D-BC55-F96A648F8C33}C:\program files (x86)\microsoft games\crimson skies\crimson.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\crimson skies\crimson.icd |
"TCP Query User{8AC72DBB-2526-4FFD-8A55-1A9024EECDB9}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{8FC1C5B9-E116-4403-A793-4F6444186CAF}C:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe |
"TCP Query User{9D97320E-6819-4B77-97EC-467BE592FEB1}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe |
"TCP Query User{AABCE171-4195-4A6B-918C-FEE27827B67D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{BB73C522-3BE2-45C9-B2F0-D9B2AC8B1153}G:\cod4\iw3mphamachi 1.7.exe" = protocol=6 | dir=in | app=g:\cod4\iw3mphamachi 1.7.exe |
"TCP Query User{BE2B1150-5288-4C59-AB2D-4D39834A5348}C:\windows\splwow64.exe" = protocol=6 | dir=in | app=c:\windows\splwow64.exe |
"TCP Query User{CC700DB0-9495-4165-A472-F048A5A711B0}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{DB058794-3073-4BA9-A1E0-691226090E13}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{FB348A8F-36F7-459C-8D15-F56CB82C074E}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{00824456-2C7B-4EDD-9085-5828FB07B335}C:\program files (x86)\microsoft games\crimson skies\crimson.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\crimson skies\crimson.icd |
"UDP Query User{03B57896-5295-40C1-8B0F-DDAC363AC8EB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{102AF677-375E-4D44-B417-D1EBA7242BB0}C:\program files (x86)\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\vectorworks2012e.exe |
"UDP Query User{2A37DC4D-47AB-4E15-9A2A-818EDBA919D9}C:\windows\splwow64.exe" = protocol=17 | dir=in | app=c:\windows\splwow64.exe |
"UDP Query User{2D47751D-2AA4-4DF0-B751-E3B0E608F47C}G:\cod4\iw3mp.exe" = protocol=17 | dir=in | app=g:\cod4\iw3mp.exe |
"UDP Query User{307EDF77-AED5-4758-966A-0B67EA1D65DB}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{32121B2E-1FA6-4368-9F2A-A59669E054A2}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{6EB63FAC-4999-47CD-AE7A-BE8FD037941E}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe |
"UDP Query User{7505E024-8EE0-4DB1-91C3-CD0EC9D60FDF}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe |
"UDP Query User{83B0184B-9506-4A00-B70A-32A7A5E8BF4F}C:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2012\renderworks\cinerender 64bit.exe |
"UDP Query User{90C6A15B-366C-4BA5-962C-B96EAC6EA057}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{A86D539C-1CD4-4228-9453-FC2756828403}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AC33C9A1-1D22-42AB-B558-7051DE84A7A3}C:\program files (x86)\lucasarts\grim\grim fandango launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\grim\grim fandango launcher.exe |
"UDP Query User{B698B844-37F2-4DFF-8221-177B026D6725}C:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mycs0178\team fortress 2\hl2.exe |
"UDP Query User{C32F5303-9F9F-4388-8E10-7F4E34CDAA5A}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{DC6FE210-1A81-4C64-B576-B259363DC957}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{F8F71A07-6D29-44BA-B19C-F44D768DAD78}G:\cod4\iw3mphamachi 1.7.exe" = protocol=17 | dir=in | app=g:\cod4\iw3mphamachi 1.7.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63591AAA-97F0-24A8-3EBD-174B5E35D6BF}" = ccc-utility64
"{63FC1F01-1232-B654-0C07-E1CD91B760E0}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C9101B-36EC-5821-DD8B-05480074A0B8}" = AMD Catalyst Install Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 )
"GIMP-2_is1" = GIMP 2.8.0-rc1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02D0DF6E-BE8D-66B0-3C3F-ED0F395DF765}" = CCC Help Finnish
"{032412BA-DE82-47C2-B414-A1C96822189B}" = Acer Arcade Instant On
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1395B38D-5889-19E5-D02E-BD1A02BF373B}" = CCC Help Spanish
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{13D5F9B6-D70A-DCCA-A00D-E43839CDFA83}" = CCC Help Chinese Standard
"{1410D707-A9C3-2E70-9476-2427EC18134F}" = CCC Help Turkish
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35025CC2-7D0B-4C2C-9876-5E065731DF0F}" = Brother HL-3040CN
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AA9D712-182E-409C-ABBE-8E47CF05D926}_is1" = Trust Gaming Mouse Driver V1.1
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{46AFD359-AAE9-2843-B7CE-10FB46C76E99}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{57D5FAFB-30E8-63EB-D4F7-07298597578F}" = Catalyst Control Center
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5CAA69CD-9C1B-5604-B14B-8FAC2BC5E228}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7322467B-FAD1-5529-C4EF-7EA4BC17C0A2}" = CCC Help Korean
"{74E4B282-F25A-53A1-BBA5-7A3EFB90FAF4}" = CCC Help Japanese
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8AC115AA-27D2-4024-6E7D-D9FCD93D0487}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91EDBF6E-2260-646A-4D80-CB0802132736}" = Catalyst Control Center Localization All
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AED36-CF8A-F34F-8C13-5C19010DF6C6}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E75789D-E176-A72B-DE9E-D2AE63FE601B}" = Catalyst Control Center Graphics Previews Common
"{9F711CB6-8E76-63DA-6ABA-C21B7C839CA5}" = CCC Help Russian
"{A0E52598-872B-9E9A-181F-1A80C6AA4493}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF322EC1-3499-45FD-9EDD-DCC7FD5C18DF}" = Autodesk SketchBookExpress 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2F23819-54DB-4077-991E-1A322477253B}" = Python 2.6 PyGTK 2.24.0
"{B8C90283-AF97-2AD8-7DE1-5296254468F4}" = PX Profile Update
"{BFA7A60F-D018-AF0D-47E9-A13D0219E86A}" = CCC Help Thai
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C35CB3-82B6-F36F-B39A-B2AFAA74F7D2}" = CCC Help Norwegian
"{C47C2F4D-4419-D823-C272-325FD9B92415}" = CCC Help Czech
"{C68C6E34-A103-F7BC-8682-C1C4190BAC1F}" = CCC Help Greek
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D0251102-442C-6FE0-4FDC-2ACF2AD2A2A5}" = CCC Help English
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D2A90CAF-AF34-C526-D4C7-AE4FF4547B66}" = CCC Help Polish
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C76964-F17B-7FCB-958F-1C067A2D217C}" = CCC Help Swedish
"{E7E76AEC-266C-C1A0-E39B-21AB97402CA1}" = CCC Help Chinese Traditional
"{E7F12C4C-9932-A039-4FAC-CAD1672EB633}" = CCC Help Hungarian
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBE9A607-31AB-696D-5220-5098B61AA9B2}" = CCC Help Dutch
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFAF4DB9-943E-97E5-051C-DC6C4E7094C0}" = CCC Help Danish
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Professional Security
"DivX Setup.divx.com" = DivX-Setup
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"FileZilla Client" = FileZilla Client 3.6.0.2
"foobar2000" = foobar2000 v1.1.15
"GPL Ghostscript 9.04" = GPL Ghostscript
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"Origin" = Origin
"Scribus 1.4.0" = Scribus 1.4.0rc5
"Steam App 10" = Counter-Strike
"Steam App 43110" = Metro 2033
"Steam App 570" = Dota 2
"STRATO HiDrive" = STRATO HiDrive (remove only)
"VLC media player" = VLC media player 1.1.11
"Wacom Tablet Driver" = Wacom Tablett
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 10:13:32 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129
Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während
des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.

Error - 30.11.2012 10:20:26 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version:
1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6
ID
des fehlerhaften Prozesses: 0xc54 Startzeit der fehlerhaften Anwendung: 0x01cdcf042fa76e87
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung:
15a31cc2-3af9-11e2-ba59-1c750840180a

Error - 30.11.2012 10:21:06 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version:
1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6
ID
des fehlerhaften Prozesses: 0x1154 Startzeit der fehlerhaften Anwendung: 0x01cdcf05dc113b02
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung:
2d6e6df1-3af9-11e2-ba59-1c750840180a

Error - 30.11.2012 10:21:56 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version:
1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6
ID
des fehlerhaften Prozesses: 0xb50 Startzeit der fehlerhaften Anwendung: 0x01cdcf05f1ac8c9d
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung:
4b022814-3af9-11e2-ba59-1c750840180a

Error - 30.11.2012 10:22:31 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: DivXMFSource.dll, Version:
1.0.0.72, Zeitstempel: 0x4cffcff8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000e5ec6
ID
des fehlerhaften Prozesses: 0x3c8 Startzeit der fehlerhaften Anwendung: 0x01cdcf060f435401
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll Berichtskennung:
5fe8336b-3af9-11e2-ba59-1c750840180a

Error - 02.12.2012 06:49:13 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129
Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während
des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.

Error - 02.12.2012 07:38:43 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.3.0,
Zeitstempel: 0x4f635e4a Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4cf4536a Ausnahmecode: 0xc0000005 Fehleroffset: 0x6898bb89
ID
des fehlerhaften Prozesses: 0x808 Startzeit der fehlerhaften Anwendung: 0x01cdd0817b7addeb
Pfad
der fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Pfad des fehlerhaften
Moduls: QuickTime.qts Berichtskennung: d2bd2984-3c74-11e2-ba59-1c750840180a

Error - 10.12.2012 14:37:30 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Avira Antivirus | ID = 4129
Description = Das Update von LAPTOPNAME_GEÄNDERT (127.0.0.1) ist fehlgeschlagen. Während
des Herunterladens ist ein Fehler aufgetreten. . Es wurden keine neuen Dateien geladen.

Error - 10.12.2012 20:14:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1574 Startzeit:
01cdd7059b2bf7e1 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
a54a3bca-4327-11e2-9ae1-1c750840180a

Error - 14.12.2012 11:40:03 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VECTOR~2.EXE, Version: 17.0.3.0,
Zeitstempel: 0x4f635e4a Name des fehlerhaften Moduls: VECTOR~2.EXE, Version: 17.0.3.0,
Zeitstempel: 0x4f635e4a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0094ea5f ID des fehlerhaften
Prozesses: 0x173c Startzeit der fehlerhaften Anwendung: 0x01cdda0427d892c6 Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Pfad des fehlerhaften
Moduls: C:\PROGRA~2\VECTOR~1\VECTOR~2.EXE Berichtskennung: 8655e804-4604-11e2-902d-1c750840180a

[ Media Center Events ]
Error - 31.03.2011 11:25:03 | Computer Name = BjoernsAcer | Source = MCUpdate | ID = 0
Description = 17:25:03 - Fehler beim Herstellen der Internetverbindung. 17:25:03
- Serververbindung konnte nicht hergestellt werden..

Error - 31.03.2011 11:25:13 | Computer Name = BjoernsAcer | Source = MCUpdate | ID = 0
Description = 17:25:08 - Fehler beim Herstellen der Internetverbindung. 17:25:08
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 11:20:35 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 17:20:35 - Fehler beim Herstellen der Internetverbindung. 17:20:35
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 11:20:45 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 17:20:40 - Fehler beim Herstellen der Internetverbindung. 17:20:40
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 12:20:49 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 18:20:49 - Fehler beim Herstellen der Internetverbindung. 18:20:49
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 12:20:55 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 18:20:54 - Fehler beim Herstellen der Internetverbindung. 18:20:54
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 13:21:00 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 19:21:00 - Fehler beim Herstellen der Internetverbindung. 19:21:00
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 13:21:05 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = MCUpdate | ID = 0
Description = 19:21:05 - Fehler beim Herstellen der Internetverbindung. 19:21:05
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 18:57:45 | Computer Name = blackbetty | Source = MCUpdate | ID = 0
Description = 00:57:45 - Fehler beim Herstellen der Internetverbindung. 00:57:45
- Serververbindung konnte nicht hergestellt werden..

Error - 15.04.2011 18:57:54 | Computer Name = blackbetty | Source = MCUpdate | ID = 0
Description = 00:57:51 - Fehler beim Herstellen der Internetverbindung. 00:57:51
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 14.12.2012 13:39:07 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.

Error - 16.12.2012 12:00:20 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 16.12.2012 12:29:48 | Computer Name = LAPTOPNAME_GEÄNDERT | Source = ipnathlp | ID = 31004
Description =


< End of report >



I hope I haven't forgotten any step of creating the thread...
Thanks in advance for the help!

 
