Log analysis and evaluation: avp.exe at 50% load, PC only usable after closing it (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.12.2012, 14:19 | #1 |
| Hi, every time after startup, Kaspersky Internet Security runs at 50%. However, my PC is NOT usable AT ALL until I manage, with some effort, to close the program. I don't know what it is doing. Not a virus scan. Here is the log after closing and restarting the program: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:13:03, on 23.12.2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Windows\system32\wuauclt.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe D:\Users\Chris\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: XXX - hier stimmen zwei Einträge, die nicht öffentlich sollen O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO 
- {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" O4 - HKLM\..\Run: [ACPW06DE] "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06DE O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: hpqtra08.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Free YouTube Download - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky 
Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: 
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C182C14B-098A-4CE8-AC33-B1C1EDD19792}: NameServer = 85.88.19.10,85.88.19.11 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: 
Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- End of file - 12874 bytes |
25.12.2012, 02:27 | #2 |
| Nothing suspicious?
__________________
Can be closed. |
26.12.2012, 13:14 | #3 |
/// Helper team |
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________ |
26.12.2012, 18:12 | #4 |
| Hi, I probably should have read first instead of just posting. Here are the files: OTL.txt: Code:
ATTFilter OTL logfile created on: 26.12.2012 17:55:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\USERNAME\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,98% Memory free 5,99 Gb Paging File | 4,70 Gb Available in Paging File | 78,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,38 Gb Total Space | 8,50 Gb Free Space | 13,41% Space Free | Partition Type: NTFS Drive D: | 402,28 Gb Total Space | 107,39 Gb Free Space | 26,70% Space Free | Partition Type: NTFS Drive E: | 372,61 Gb Total Space | 49,58 Gb Free Space | 13,31% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 9,77 Gb Free Space | 2,10% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 1,71 Gb Free Space | 0,18% Space Free | Partition Type: NTFS Drive J: | 1,88 Gb Total Space | 1,80 Gb Free Space | 96,06% Space Free | Partition Type: FAT32 Computer Name: PC-Name | User Name: USERNAME | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\USERNAME\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla FirePC-Name\firePC-Name.exe (Mozilla Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems) PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\System32\CTxfispi.exe (Creative Technology Ltd) PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla FirePC-Name\mozjs.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU () MOD - C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU () MOD - C:\Programme\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Windows\System32\APOMngr.DLL () ========== Services (SafeList) ========== SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft 
Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found DRV - (XDva383) -- 
C:\Windows\system32\XDva383.sys File not found DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (a0slyqzl) -- File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (ha20x2k) -- C:\Windows\System32\drivers\ha20x2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTEXFIFX.SYS) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTEXFIFX) -- C:\Windows\System32\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV - (CTHWIUT.SYS) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) 
DRV - (CTHWIUT) -- C:\Windows\System32\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV - (CT20XUT.SYS) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (CT20XUT) -- C:\Windows\System32\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV - (cpudrv) -- C:\Programme\SystemRequirementsLab\cpudrv.sys () DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (AVerAF35) -- C:\Windows\System32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (dptrackerd) -- C:\Windows\System32\drivers\dptrackerd.sys (DigitalPeers) DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.) DRV - (DIG_V) -- C:\Windows\System32\drivers\dig_v.sys (Pinnacle Systems GmbH) DRV - (DIG_TS) -- C:\Windows\System32\drivers\dig_ts.sys (Pinnacle Systems GmbH) DRV - (DSDrv4) -- C:\Programme\DScaler\DSDrv4.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (QCDonner) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 98 AD 62 81 16 CC 01 [binary data] IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FirePC-Name ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - 
prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1 FF - prefs.js..extensions.enabledAddons: %7B02450954-cdd9-410f-b1da-db804e18c671%7D:0.96.5-BlackMax FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.89 FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15 FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll 
(Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program 
Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirePC-NamePlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.09.18 18:13:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirePC-NameExtn [2012.10.22 09:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 20:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 20:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 20:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 20:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\FirePC-Name\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 20:56:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 
FirePC-Name 12.0\extensions\\Components: C:\Programme\Mozilla FirePC-Name\components [2012.12.07 01:22:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla FirePC-Name 12.0\extensions\\Plugins: C:\Programme\Mozilla FirePC-Name\plugins [2012.12.22 18:15:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla FirePC-Name 17.0.1\extensions\\Components: C:\Program Files\Mozilla FirePC-Name\components [2012.12.07 01:22:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla FirePC-Name 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla FirePC-Name\plugins [2012.12.22 18:15:27 | 000,000,000 | ---D | M] [2010.10.30 19:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\Extensions [2012.05.22 04:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\b1l2m0hm.USERNAME\extensions [2012.05.22 04:21:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\b1l2m0hm.USERNAME\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.12.25 19:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\n4ygfv8t.default\extensions [2012.10.02 02:15:56 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\n4ygfv8t.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2012.11.02 03:52:36 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\n4ygfv8t.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.12.25 19:05:49 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\USERNAME\AppData\Roaming\mozilla\FirePC-Name\Profiles\n4ygfv8t.default\extensions\ich@maltegoetz.de [2011.04.28 01:52:14 | 000,008,001 | ---- | M] () (No name found) -- 
C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\tineye@ideeinc.com.xpi [2011.11.18 20:07:09 | 000,077,813 | ---- | M] () (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2012.03.13 22:00:50 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2012.09.13 18:14:55 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.10.11 04:20:40 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2011.04.06 01:22:40 | 000,091,556 | ---- | M] () (No name found) -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011.04.22 15:34:09 | 000,002,006 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\searchplugins\ask.uk.xml [2012.04.09 06:43:30 | 000,003,970 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\mozilla\firePC-Name\profiles\n4ygfv8t.default\searchplugins\sweetim.xml [2012.12.22 18:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla FirePC-Name\extensions [2012.12.20 20:56:28 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2012.12.07 01:22:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firePC-Name\components\browsercomps.dll [2011.11.18 20:02:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\amazondotcom-de.xml [2012.08.29 18:07:17 | 
000,002,465 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\bing.xml [2011.11.18 20:02:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\eBay-de.xml [2011.05.23 21:38:25 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\fcmdSrch.xml [2011.11.18 20:02:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\leo_ende_de.xml [2011.11.18 20:02:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\wikipedia-de.xml [2011.11.18 20:02:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firePC-Name\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.16 17:11:19 | 000,001,782 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts EVERYTHING IS CORRECT IN THE hosts O1 - Hosts: 9 more lines... O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) 
O3 - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACPW06DE] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - 
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C182C14B-098A-4CE8-AC33-B1C1EDD19792}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C182C14B-098A-4CE8-AC33-B1C1EDD19792}: NameServer = 85.88.19.10,85.88.19.11 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a935607e-c283-11df-8389-0018f31a4132}\Shell - "" = AutoRun O33 - MountPoints2\{a935607e-c283-11df-8389-0018f31a4132}\Shell\AutoRun\command - "" = L:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.26 17:53:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\USERNAME\Desktop\OTL.exe [2012.12.24 01:49:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.24 01:49:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.24 01:48:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.24 01:48:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.24 01:48:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.24 01:48:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.24 01:48:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.24 01:48:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.24 01:48:15 | 
000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.24 01:48:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.24 01:41:51 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.24 01:41:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.24 01:41:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.24 01:41:37 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.24 01:41:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.24 01:41:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.24 01:41:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.24 01:41:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.24 01:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.24 01:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.24 01:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.24 01:41:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.24 01:41:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.24 01:41:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.24 01:41:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.24 01:41:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.24 01:41:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.18 20:59:48 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Local\{4AF2B9C8-C438-48E6-9F5C-634919E98819} [2012.12.15 17:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coolcolor Text Generator [2012.12.15 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Coolcolor Text Generator [2012.12.08 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Local\{9D7DCCA8-28C4-418B-B42D-C67F7C4A6303} [2012.12.07 01:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla FirePC-Name [2012.12.01 19:57:29 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Local\{F87AD3CE-853E-49BA-BD36-0AAB8952D98E} [2012.11.28 22:11:46 | 000,000,000 | ---D | C] -- C:\Users\USERNAME\AppData\Local\{580B8D72-00FE-4406-A668-626671D72C92} [2 D:\Users\USERNAME\Documents\*.tmp files -> D:\Users\USERNAME\Documents\*.tmp -> ] [1 D:\Users\USERNAME\Desktop\*.tmp files -> D:\Users\USERNAME\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.26 17:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\USERNAME\Desktop\OTL.exe [2012.12.26 17:52:39 | 000,091,988 | ---- | M] () -- D:\Users\USERNAME\Documents\cc_20121226_175231.reg [2012.12.26 17:30:44 | 000,021,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 17:30:44 | 000,021,392 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.26 17:30:21 | 000,711,060 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.26 17:30:21 | 000,664,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.26 17:30:21 | 000,154,046 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.26 17:30:21 | 000,126,076 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.26 17:25:36 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2012.12.26 17:25:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.26 17:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2012.12.26 17:24:42 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 06:15:55 | 000,055,168 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000005-00281102}.rfx [2012.12.26 06:15:55 | 000,055,168 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-0000000A-00001102-00000005-00281102}.rfx [2012.12.26 06:15:55 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-0000000A-00001102-00000005-00281102}.rfx [2012.12.25 14:58:36 | 000,050,477 | ---- | M] () -- D:\Users\USERNAME\Desktop\Defogger.exe [2012.12.24 14:52:12 | 003,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.24 01:39:58 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.22 18:07:36 | 000,000,044 | ---- | M] () -- C:\unconfirm.ini [2012.12.18 23:08:13 | 001,096,746 | ---- | M] () -- D:\Users\USERNAME\Desktop\ich-neu.jpg [2012.12.18 20:30:38 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.12.18 00:14:50 | 000,000,600 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\winscp.rnd [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- 
C:\Windows\System32\atmlib.dll [2012.12.13 20:24:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.13 20:24:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.12.10 02:42:29 | 000,000,600 | ---- | M] () -- C:\Users\USERNAME\AppData\Local\PUTTY.RND [2012.12.04 23:38:25 | 000,000,132 | ---- | M] () -- C:\Users\USERNAME\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.12.03 21:05:30 | 000,001,456 | ---- | M] () -- C:\Users\USERNAME\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2 D:\Users\USERNAME\Documents\*.tmp files -> D:\Users\USERNAME\Documents\*.tmp -> ] [1 D:\Users\USERNAME\Desktop\*.tmp files -> D:\Users\USERNAME\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.26 17:52:37 | 000,091,988 | ---- | C] () -- D:\Users\USERNAME\Documents\cc_20121226_175231.reg [2012.12.25 14:58:35 | 000,050,477 | ---- | C] () -- D:\Users\USERNAME\Desktop\Defogger.exe [2012.12.22 18:07:36 | 000,000,044 | ---- | C] () -- C:\unconfirm.ini [2012.12.08 16:43:17 | 001,096,746 | ---- | C] () -- D:\Users\USERNAME\Desktop\ich-neu.jpg [2012.11.08 00:33:35 | 000,061,554 | ---- | C] () -- C:\Users\USERNAME\IMG_1774.JPG [2012.11.08 00:33:35 | 000,033,427 | ---- | C] () -- C:\Users\USERNAME\IMG_1772.JPG [2012.10.01 15:37:42 | 000,245,254 | ---- | C] () -- C:\Windows\hpoins19.dat.temp [2012.10.01 15:37:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp [2012.10.01 15:30:25 | 000,083,498 | ---- | C] () -- C:\Windows\hpqins13.dat [2012.10.01 15:18:21 | 000,078,456 | ---- | C] () -- C:\Windows\hpqins05.dat [2012.09.16 02:47:28 | 000,017,408 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\WebpageIcons.db [2012.07.06 22:35:23 | 000,001,431 | ---- | C] () -- C:\Windows\SplitCam.INI [2012.05.29 04:05:17 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll 
[2012.05.29 04:05:16 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2012.01.05 22:14:13 | 1672,750,124 | ---- | C] () -- C:\Users\USERNAME\ts3_recording_12_01_05_22_14_11.wav [2012.01.05 22:01:48 | 114,088,364 | ---- | C] () -- C:\Users\USERNAME\ts3_recording_12_01_05_22_1_46.wav [2011.12.21 02:36:14 | 000,000,000 | ---- | C] () -- C:\Users\USERNAME\cd [2011.11.28 20:51:05 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.10.30 23:02:41 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI [2011.10.30 22:37:57 | 000,000,195 | ---- | C] () -- C:\Windows\IfoEdit.INI [2011.10.23 20:52:12 | 346,533,164 | ---- | C] () -- C:\Users\USERNAME\ts3_recording_11_10_23_21_52_8.wav [2011.10.19 10:55:48 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2011.10.19 10:55:48 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2011.10.14 07:02:21 | 000,001,456 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.10.11 22:37:19 | 000,008,176 | ---- | C] () -- C:\Users\USERNAME\myt.php [2011.10.10 12:53:30 | 003,767,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.26 00:15:53 | 004,929,348 | ---- | C] () -- C:\Users\USERNAME\Unbenannt-1.psd [2011.09.23 14:44:52 | 000,100,715 | ---- | C] () -- C:\Users\USERNAME\Add Hexcode FIFA11 for DSTT(infolib, extinfo, savlib).rar [2011.08.27 23:42:09 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.08.24 02:53:39 | 000,046,144 | ---- | C] () -- C:\Users\USERNAME\600px-Awesome_rage.jpg [2011.08.23 02:06:34 | 000,000,600 | ---- | C] () -- C:\Users\USERNAME\PUTTY.RND 
[2011.08.12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.05.27 01:59:30 | 000,001,469 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\dvdae.config
[2011.05.25 17:25:41 | 000,058,394 | ---- | C] () -- C:\Users\USERNAME\Moppel.jpg
[2011.04.30 22:26:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll
[2011.04.30 22:26:27 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys
[2011.04.30 22:26:26 | 000,606,208 | ---- | C] () -- C:\Windows\System32\sptlib21.dll
[2011.04.30 22:26:26 | 000,311,296 | ---- | C] () -- C:\Windows\System32\sptlib01.dll
[2011.04.30 22:26:26 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll
[2011.04.30 22:26:26 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll
[2011.04.30 22:26:26 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib03.dll
[2011.04.30 22:26:26 | 000,225,280 | ---- | C] () -- C:\Windows\System32\sptlib02.dll
[2011.04.30 22:26:26 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll
[2011.04.04 18:08:23 | 014,383,616 | ---- | C] () -- C:\ProgramData\gta_sa.exe
[2011.04.04 02:06:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.04 02:05:51 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.12 23:17:57 | 000,225,280 | ---- | C] () -- C:\Users\USERNAME\de.cls.wcf.partnererweiterung_2.0.3_.tar
[2011.03.03 04:02:22 | 001,771,440 | ---- | C] () -- C:\Users\USERNAME\IOS36-64-V3351.wad
[2011.02.23 17:21:43 | 000,094,900 | ---- | C] () -- C:\Users\USERNAME\2_5 USB 3.0 Evolution Slim UG GERMAN.pdf
[2011.01.23 02:46:23 | 000,000,132 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.01.21 23:32:11 | 000,110,722 | ---- | C] () -- C:\Users\USERNAME\1.jpg
[2011.01.07 03:06:29 | 006,038,876 | ---- | C] () -- C:\Users\USERNAME\dzcp_gs_template017.zip
[2011.01.03 22:53:16 | 000,142,300 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.11.25 01:52:20 | 000,082,095 | ---- | C] () -- C:\Users\USERNAME\rose_Franzimaus.jpg
[2010.11.10 03:25:18 | 000,007,611 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\Resmon.ResmonCfg
[2010.10.16 01:34:15 | 000,138,056 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\PnkBstrK.sys
[2010.09.29 15:53:28 | 000,000,132 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.24 22:15:23 | 000,153,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.19 00:09:46 | 000,000,097 | ---- | C] () -- C:\Users\USERNAME\.Xauthority
[2010.09.18 00:20:27 | 000,000,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Local\PUTTY.RND
[2010.09.17 23:52:25 | 000,000,600 | ---- | C] () -- C:\Users\USERNAME\AppData\Roaming\winscp.rnd

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.01.07 02:26:50 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ACD Systems
[2012.12.21 16:28:21 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Amazon
[2012.11.12 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Artisteer
[2012.05.23 05:57:47 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\CamTrack
[2011.10.03 15:36:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Cuttermaran
[2012.12.26 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DAEMON Tools Lite
[2012.08.09 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DVDVideoSoft
[2012.08.09 19:13:16 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.26 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\FileZilla
[2011.12.22 22:07:28 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\HTC
[2012.02.27 15:54:42 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.12.26 06:14:51 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ICQ
[2011.10.14 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Image-Line
[2011.06.23 23:52:12 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ImgBurn
[2011.10.02 06:27:05 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\jomic
[2011.05.29 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Leadertech
[2011.10.03 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\LEAPS
[2012.03.26 04:31:42 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\MyPhoneExplorer
[2012.12.26 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Notepad++
[2011.04.22 15:34:02 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\OCS
[2011.04.22 15:34:09 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Opera
[2011.09.24 00:34:29 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Outlook
[2011.10.03 21:46:19 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Pegasys Inc
[2011.10.30 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2010.10.17 20:28:08 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\ScreeNet iSaver
[2011.08.23 00:25:23 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\SecondLife
[2011.03.17 01:49:59 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Steinberg
[2011.10.14 20:09:26 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\SynthMaker
[2012.06.04 06:05:03 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TeamViewer
[2012.12.26 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TS3Client
[2011.01.20 04:57:47 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\TuneUp Software
[2012.12.26 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\uTorrent
[2011.03.17 01:49:59 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\VST3 Presets
[2011.10.10 05:59:41 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Wise Disk Cleaner
[2011.12.21 01:25:05 | 000,000,000 | -HSD | M] -- C:\Users\USERNAME\AppData\Roaming\wyUpdate AU
[2011.10.30 22:00:47 | 000,000,000 | ---D | M] -- C:\Users\USERNAME\AppData\Roaming\Xilisoft

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 26.12.2012 17:55:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\USERNAME\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 57,98% Memory free
5,99 Gb Paging File | 4,70 Gb Available in Paging File | 78,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,38 Gb Total Space | 8,50 Gb Free Space | 13,41% Space Free | Partition Type: NTFS
Drive D: | 402,28 Gb Total Space | 107,39 Gb Free Space | 26,70% Space Free | Partition Type: NTFS
Drive E: | 372,61 Gb Total Space | 49,58 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 9,77 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 1,71 Gb Free Space | 0,18% Space Free | Partition Type: NTFS
Drive J: | 1,88 Gb Total Space | 1,80 Gb Free Space | 96,06% Space Free | Partition Type: FAT32

Computer Name: PC-Name | User Name: USERNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3061376349-1637372711-2336363411-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirePC-NameHTML] -- C:\Programme\Mozilla FirePC-Name\firePC-Name.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C7B963-B363-4C37-89A4-DD141EE41923}" = rport=139 | protocol=6 | dir=out | app=system |
"{04CA696A-6774-4406-8F43-2473775856A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0C281299-3C4E-45A6-8184-B4CF44705690}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{0EDBA6CF-275D-4D90-8B0E-920E3E025E3C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{205AEADC-760B-4211-B547-3201A9268CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23022C43-4414-419A-B2F5-95DBD044E570}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{25DFC57D-B8A1-4130-9F49-96EFB797EA74}"
= lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{26DED956-9F38-4EF8-A7A4-CFF2548CB4FA}" = rport=137 | protocol=17 | dir=out | app=system | "{2A228680-BB48-4B9D-B263-AC30BEAC9BA6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{2DC9C5C3-7BB6-42BE-97F5-0545EEAABC03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{33F8A250-3A41-4009-B015-6C9289B11467}" = rport=2869 | protocol=6 | dir=out | app=system | "{38B65C32-223C-4029-A0AF-0E8158A7DA5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{403E887E-6C81-4D71-89F9-BF59EDE40D43}" = rport=138 | protocol=17 | dir=out | app=system | "{596F239D-D43C-4EF3-A1C7-501B651CF811}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{6C9CE711-B166-4D7C-84B2-DB8D73228BC6}" = lport=2869 | protocol=6 | dir=in | app=system | "{6F5F9DE5-900E-486A-AD41-E171F7CFC638}" = lport=139 | protocol=6 | dir=in | app=system | "{6FC86772-497E-4120-ACC0-8E7F0240FEEE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{70A54707-686C-46EE-96E2-3F35103245BB}" = lport=10243 | protocol=6 | dir=in | app=system | "{77BC7984-3B4F-4D0E-B264-16CC907703C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{82E4163E-34CD-436C-A349-C6854FD5524A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{95E87C9B-2006-44C1-A8E8-99AC8CAFE46D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A102CE9E-EBBC-4FDA-B4F9-560D8F2040C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A205EC4D-1D74-4ACC-925B-95491E67D8DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform 
(ssdp) | "{AF6B85CA-9E08-42EF-818D-DAF41D1DF021}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B09686A9-FD89-4808-99C7-CFD55EDC684E}" = lport=2869 | protocol=6 | dir=in | app=system | "{B17C346B-D740-4EF5-8ADA-D589B8DB8015}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B8256F09-4719-431C-8731-067DF0DCBB80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B8556B36-9DCA-47F2-8931-29437B637B26}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9A4C808-95D8-40A2-A222-51D12F36096D}" = rport=445 | protocol=6 | dir=out | app=system | "{C24E672C-9DDB-4872-AAFC-84FF926EC80F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D331FBC5-BC81-47D6-BCD1-C5DF4F5198BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7F0BEE9-3EDE-4AAE-B8E5-7FD9066E629E}" = lport=138 | protocol=17 | dir=in | app=system | "{DB235DD1-9EC0-472B-8748-57D748D4EE52}" = lport=445 | protocol=6 | dir=in | app=system | "{DB499973-DE3B-4757-8031-CC3455451BC2}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{DF30A477-ED70-48CF-8D71-2332C2A045FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F42D699A-AC68-4650-86F2-4D9A6F4578D4}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface | "{F81BF8CD-3A33-44E2-97B3-D1FAB88590C1}" = rport=10243 | protocol=6 | dir=out | app=system | "{F85B1327-362B-4E78-A194-43E3D610B084}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC90CC49-5CB3-4A3B-917B-989A126F1885}" = lport=137 | protocol=17 | dir=in | app=system | "{FD9E2BD2-AE67-4131-8F2C-CC956D0D04E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0363EFA7-89A2-439D-B088-E5AA304CAB6E}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield 2\bf2.exe | "{074B7435-98A2-4B8B-9C56-8002720252EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CA19611-B58A-4C26-A8E0-8E1F79A1EF4B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{0F3EFBD1-1039-4B4C-AC03-456A0A8551EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{153202D2-FBA6-40B7-A896-FBF24270CB74}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{171E06DC-9DF3-4D9E-BB9C-3AB6801E9A17}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{19470F2D-2A6C-4177-88A2-E7D4483A754B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1B045438-C43A-4381-B794-7069AA9BC134}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1FC7E2D8-522A-4AC6-B084-AC8488073EA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21050420-887E-4789-ADF9-C7A442997A1B}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{292682D5-82DD-4825-9EC7-D3C7114D2C07}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{29A2A2A6-C57F-4BAE-B720-C119F4193CC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2B70B0A6-456F-48BF-AA7B-4F360F6CD770}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{31AB5B0F-F548-4EE8-ABDC-60EA7A99DF81}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3679E768-6236-4D86-B627-AF00152D2D4B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{36B1B4BC-5224-4EC1-BE4C-6B07421D6071}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A724F02-E397-4660-8D25-B682DD7DA7C0}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe | "{3CFA3AE9-47B1-4577-963C-AFFDE06F2989}" = protocol=6 | dir=in | app=e:\spiele\grand theft auto iv\launchgtaiv.exe | "{401C0BBF-97E8-402E-9612-982C0F660B66}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | "{423F278D-3F02-410F-A3A2-7DEA420F591A}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\crysis\bin32\crysis.exe | "{44864454-8FF3-4323-8961-36EADE2D0689}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{4597AEAF-E6BC-45C3-B6EA-AD90B8E50127}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D1C8137-F8A5-446C-B83A-86DB317FE218}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54DB0206-D584-4CB1-BE4D-703EE38C7AC3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{5D5EF082-9C59-4206-A2E9-2BEF953B077E}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | "{5E51F6F0-C1D8-4111-97FC-7860499DDB41}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{67B76A5B-FD83-4C7E-A1AA-B75891872FF1}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{6ACCD523-FDEB-41A4-ADCD-42614746A394}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{6B1ED1CF-967C-41AC-B110-E3D24575CC4A}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{6B304DCF-3AF1-4452-9541-203ECCF471F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6E7609F3-AF66-49C8-A399-E0C9D0AB23AD}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{714E66D0-767A-4CF7-B756-CAB04A9F758C}" = protocol=17 | dir=in | app=e:\spiele\grand theft auto iv\launchgtaiv.exe | 
"{71C55B6E-3487-439B-BD84-340CA004EB37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{77B21413-46ED-4022-B6E8-23E4797901D2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{78958CCF-E552-4086-805B-76869FFE4C6F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{797516F3-49C5-41D7-8A95-A2BFE30E66F1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{7A38D0D2-5024-4822-9C19-52E9B5EE2220}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{7CCFFE78-0C96-439C-B465-6959AF5A65B0}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe | "{7E4A6097-93B0-4E86-AEAA-054A2A9E3111}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{84868596-7F0A-4FCA-95CF-5F5CD4EA3F83}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8AB7B73D-29E6-4913-891B-16E22604B108}" = protocol=6 | dir=in | app=e:\spiele\need for speed - hot pursuit 2010\launcher.exe | "{8BC9B893-9541-4BD0-83E9-8E6A2E9FDD1B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{912F2ACA-DD14-47AC-8D56-C6507B0DDA18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{92ABDC9F-7D38-4324-A77C-1A3B97934B90}" = protocol=6 | dir=out | app=system | "{935EC6B3-DD60-4FCB-AB46-29881E78E758}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D44C7C0-062D-4629-8360-C02FAC957979}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{9DE5DBDF-B50C-4B54-8A48-673F2DC5B2C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A1029362-62C4-4FB9-B710-CDA13FC2D1A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{AE42AC80-C1A4-4D82-8D28-F238184AA56D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B0BBB2EA-7F47-462B-ACA0-83835415110D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B7B1013D-F8A2-4C72-838A-6F8197A18875}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{BE64F132-76F2-4137-8C3D-659B72712ECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF3EA96B-9F64-452D-B8B3-5E10A24A0018}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\crysis\bin32\crysis.exe | "{C4C561DE-84D3-4B9C-8395-4DD1A7D9093E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C81AC62D-0267-4257-85F1-9F870A1DD279}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{C8D414E7-AF0E-4C86-AC7B-93BF16E44484}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield 2\bf2.exe | "{CAF4143D-290E-4636-AE6E-01F1E1570763}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{CBAF05DE-1626-4A6B-A993-1AB746E206BC}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | "{D0350942-D4A0-4CB6-B2F2-694B1F13235E}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{D1E85C26-9E68-421B-8459-33DDD20C6853}" = protocol=6 | dir=in | app=c:\program files\utorrent3\utorrent.exe | "{D4874BA0-6FE0-4808-BEF8-D0FD1C2FF6A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D9DFD9AE-C4E4-4CEA-A444-EE21668DD403}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{DA9B1E00-1E5B-40DB-869D-249B8E064211}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm | 
"{DB8FA375-6E91-4E65-A411-FC6CAE3F55C1}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{DC53929B-9474-43D0-B5D8-3F38414913A5}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{E19C7EC0-FF5B-482D-9528-AEA133A23C15}" = protocol=17 | dir=in | app=e:\spiele\need for speed - hot pursuit 2010\launcher.exe | "{E1B4CE26-1EB4-42E3-AA0B-9F17056B683D}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{E3B103C3-A9E9-4492-88BE-46FDEEC93F3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EA90228B-FF17-4A8E-94C3-05B15D60BFC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE95B232-D447-4BFA-AD0B-3F38C583FF4F}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\battlefield 2\support\ea help\electronic_arts_technical_support.htm | "{EF80B502-4FAF-4DBB-AC88-5B943126B644}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{F16522C5-CBC7-43F7-8F5A-29E5580A2512}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{F56B11DD-306E-4164-BC2F-85214FBED1E3}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | "{F7742B13-74FD-4B98-A824-03AF07708C70}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F84B9A0C-7D56-4568-91BF-97FF1B862F13}" = protocol=17 | dir=in | app=c:\program files\utorrent3\utorrent.exe | "{F9229439-E58A-498E-AF51-A218E9316726}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{F9DACAD8-40B7-4FDB-B4CF-FE2F6ACC6823}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FE79B516-88AA-43A5-A4D6-3DB60AD732C4}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{FF90FE35-D739-43C5-AE18-5BCAE9B60FEB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.8 Build #6800 Banner Remover 1.0 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube 
Plugin "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{526B2AE8-73DF-4CE0-B140-9968677A7C93}" = HTC Sync "{528145C0-462A-11E1-B8B4-B8AC6F97B88E}" = Google Earth "{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV 
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570 "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content 
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set "{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor "{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set "{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE11A673-E24C-4290-9A33-ED66E8662C9C}" = Ultimate Multi Tool "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AnyDVD" = AnyDVD "Artisteer 3" = Artisteer 3 "Artisteer 4" = Artisteer 4 "Audacity_is1" = Audacity 1.2.6 "AudioCS" = Creative Audio-Systemsteuerung "Audiograbber" = Audiograbber 1.83 SE "AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.0.28 "Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00 "CamTrack_is1" = CamTrack "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Coolcolor Text Generator_is1" = Coolcolor Text Generator 1.0 "DScaler 4.1.15_is1" = DScaler 4.1.15 "DVD Audio Extractor_is1" = DVD Audio Extractor 5.3.0 "DVD 
Shrink DE_is1" = DVD Shrink 3.2 deutsch "F.E.A.R. 2: Project Origin" = F.E.A.R. 2: Project Origin "ffdshow_is1" = ffdshow v1.1.3974 [2011-08-22] "FileZilla Client" = FileZilla Client 3.6.0.2 "FL Studio 10" = FL Studio 10 "FLAC" = FLAC 1.2.1b (remove only) "FLV Player" = FLV Player 2.0 (build 25) "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.11.508 "Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "GamersFirst War Rock" = War Rock "Hitman Sniper Challenge_is1" = Hitman Sniper Challenge "HyperCam 2" = HyperCam 2 "ImgBurn" = ImgBurn "InstallShield_{FE11A673-E24C-4290-9A33-ED66E8662C9C}" = Ultimate Multi Tool "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "MediaInfo" = MediaInfo 0.7.59 "MediaMonkey_is1" = MediaMonkey 3.2 "Messenger Plus!" = Messenger Plus! 6 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "mIRC" = mIRC "Mozilla FirePC-Name 12.0 (x86 de)" = Mozilla FirePC-Name 12.0 (x86 de) "Mozilla FirePC-Name 17.0.1 (x86 de)" = Mozilla FirePC-Name 17.0.1 (x86 de) "MPE" = MyPhoneExplorer "NeroShowTime!UninstallKey" = Nero ShowTime CE "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "PunkBusterSvc" = PunkBuster Services "Saints Row 2 Update 2" = Saints Row 2 Update 2 "SplitCam" = SplitCam "Steam App 10" = Counter-Strike "Steam App 17300" = Crysis "Steam App 17330" = Crysis Warhead "Steam App 17340" = Crysis Wars "Steam App 211" = Source SDK "Steam App 240" = 
Counter-Strike: Source "Steam App 24740" = Burnout Paradise: The Ultimate Box "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 320" = Half-Life 2: Deathmatch "Steam App 440" = Team Fortress 2 "Steam App 730" = Counter-Strike: Global Offensive "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "WaveLabPro" = WaveLab 6 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.3.9 "Wise Disk Cleaner_is1" = Wise Disk Cleaner 6.15 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.12.2012 12:57:41 | Computer Name = PC-Name | Source = VSS | ID = 8194 Description = Error - 23.12.2012 12:15:47 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.12.2012 12:16:45 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Ultimate Multi Tool\bin\drivers\dpinstx64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 23.12.2012 12:17:50 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Spiele\Steam\steamapps\common\crysis wars\Bin64\Crysis.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.12.2012 12:17:50 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Spiele\Steam\steamapps\common\crysis wars\Bin64\CrysisWarsDedicatedServer.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.12.2012 19:45:03 | Computer Name = PC-Name | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc04d Name des fehlerhaften Moduls: hpzids01.dll, Version: 13.0.338.0, Zeitstempel: 0x4a1cc51a Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002641a ID des fehlerhaften Prozesses: 0x83c Startzeit der fehlerhaften Anwendung: 0x01cde167441da08c Pfad der fehlerhaften Anwendung: C:\Windows\system32\DrvInst.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\hpzids01.dll Berichtskennung: c4fe35cc-4d5a-11e2-b9c8-0018f31a4132 Error - 25.12.2012 12:49:33 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.12.2012 12:50:36 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Ultimate Multi Tool\bin\drivers\dpinstx64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.12.2012 12:52:01 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Spiele\Steam\steamapps\common\crysis wars\Bin64\Crysis.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 25.12.2012 12:52:01 | Computer Name = PC-Name | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Spiele\Steam\steamapps\common\crysis wars\Bin64\CrysisWarsDedicatedServer.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 27.05.2011 05:56:01 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 11:56:01 - Fehler beim Herstellen der Internetverbindung. 11:56:01 - Serververbindung konnte nicht hergestellt werden.. Error - 27.05.2011 05:56:17 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 11:56:06 - Fehler beim Herstellen der Internetverbindung. 
11:56:06 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 08:56:37 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 14:56:37 - Fehler beim Herstellen der Internetverbindung. 14:56:37 - Serververbindung konnte nicht hergestellt werden.. Error - 04.06.2011 08:56:54 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 14:56:42 - Fehler beim Herstellen der Internetverbindung. 14:56:42 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 07:40:48 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 13:40:48 - Fehler beim Herstellen der Internetverbindung. 13:40:48 - Serververbindung konnte nicht hergestellt werden.. Error - 05.06.2011 07:41:04 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 13:40:53 - Fehler beim Herstellen der Internetverbindung. 13:40:53 - Serververbindung konnte nicht hergestellt werden.. Error - 16.06.2011 06:51:44 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 12:51:44 - Fehler beim Herstellen der Internetverbindung. 12:51:44 - Serververbindung konnte nicht hergestellt werden.. Error - 16.06.2011 06:52:07 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 12:51:49 - Fehler beim Herstellen der Internetverbindung. 12:51:49 - Serververbindung konnte nicht hergestellt werden.. Error - 29.06.2011 04:41:51 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 10:41:51 - Fehler beim Herstellen der Internetverbindung. 10:41:51 - Serververbindung konnte nicht hergestellt werden.. Error - 29.06.2011 04:42:08 | Computer Name = PC-Name | Source = MCUpdate | ID = 0 Description = 10:41:56 - Fehler beim Herstellen der Internetverbindung. 10:41:56 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ]
Error - 22.12.2012 13:43:57 | Computer Name = PC-Name | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 23.12.2012 09:05:18 | Computer Name = PC-Name | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 23.12.2012 11:44:25 | Computer Name = PC-Name | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?12.?2012 um 16:42:28 unerwartet heruntergefahren.

Error - 23.12.2012 11:44:30 | Computer Name = PC-Name | Source = BugCheck | ID = 1001
Description =

Error - 23.12.2012 20:02:29 | Computer Name = PC-Name | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 24.12.2012 09:56:02 | Computer Name = PC-Name | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error - 24.12.2012 19:37:08 | Computer Name = PC-Name | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 24.12.2012 23:05:55 | Computer Name = PC-Name | Source = DCOM | ID = 10010
Description =

Error - 25.12.2012 09:43:35 | Computer Name = PC-Name | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?12.?2012 um 14:35:07 unerwartet heruntergefahren.

Error - 25.12.2012 09:46:37 | Computer Name = PC-Name | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

< End of report >

I ran the malware scan at the highest level with Kaspersky Internet Security 2013 and found nothing.
Regards. Edited by BlackMax (26.12.2012 at 18:17) |
27.12.2012, 02:40 | #5 |
/// Helper team | avp.exe 50% load. PC only usable after terminating it |
28.12.2012, 23:07 | #6 |
| avp.exe 50% load. PC only usable after terminating it
Hello, as I already said, I had already run the scan with Kaspersky! So the following logs do not surprise me: Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.28.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
USERNAME :: PC-Name [Administrator]

Schutz: Aktiviert

28.12.2012 15:45:16
MBAM-log-2012-12-28 (22-56-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 923847
Laufzeit: 2 Stunde(n), 46 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
2012/12/28 15:43:56 +0100 PC-Name USERNAME MESSAGE Executing scheduled update: Daily
2012/12/28 15:44:09 +0100 PC-Name USERNAME MESSAGE Starting protection
2012/12/28 15:44:09 +0100 PC-Name USERNAME MESSAGE Protection started successfully
2012/12/28 15:44:09 +0100 PC-Name USERNAME MESSAGE Starting IP protection
2012/12/28 15:44:11 +0100 PC-Name USERNAME MESSAGE IP Protection started successfully
2012/12/28 15:44:14 +0100 PC-Name USERNAME MESSAGE Starting database refresh
2012/12/28 15:44:14 +0100 PC-Name USERNAME MESSAGE Stopping IP protection
2012/12/28 15:44:14 +0100 PC-Name USERNAME MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2012.12.28.07
2012/12/28 15:44:14 +0100 PC-Name USERNAME MESSAGE IP Protection stopped successfully
2012/12/28 15:44:17 +0100 PC-Name USERNAME MESSAGE Database refreshed successfully
2012/12/28 15:44:17 +0100 PC-Name USERNAME MESSAGE Starting IP protection
2012/12/28 15:44:19 +0100 PC-Name USERNAME MESSAGE IP Protection started successfully

Regards |
29.12.2012, 04:17 | #7 |
/// Helper team | avp.exe 50% load. PC only usable after terminating it
Uninstall Kaspersky completely, then: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper |
29.12.2012, 04:32 | #8 |
| avp.exe 50% load. PC only usable after terminating it
Hello, is it the trend here not to respond to questions any further?! Uninstalling is out of the question for me. Why would stopping the program not be sufficient for the purposes of a scan?! That makes no sense to me in any respect. It is nevertheless high on my list, because a reinstallation (and with it a new avp.exe) might fix things. Apart from that, the Internet Security version (2013) has already examined the relevant areas at its high setting and found nothing. Frankly, I trust that considerably more than some freeware tool. I do not think I can be helped here. By now I also think that the fault is not to be found in an (non-existent) infected file. Thanks anyway! Regards |
29.12.2012, 04:48 | #9 |
/// Helper team | avp.exe 50% load. PC only usable after terminating it
Quote:
Quote:
Quote:
To find faults, you have to rule out sources of faults. Quote:
99% of people here have a virus scanner actively running, and the machines still get infected. Your attitude is stupid and naive. Quote:
I'm out. |
29.12.2012, 05:37 | #10 |
| Are there more competent helpers?
Hi, and why did you not give the reasons for your approach right away, so that the users concerned can follow it? A little domineering, are we? Quote:
Quote:
An uninstallation would not have produced any different results from your special programs than simply shutting the program down completely. Quote:
Stupid and naive?? Oh really? Are we getting abusive now? Stupid and naive because I question what you are foisting on me here? Because I recognize a pointless procedure, reject it, and therefore do not trust you blindly, which in turn would be naive? Quote:
Regards |
29.12.2012, 16:42 | #11 |
/// Helper team | avp.exe 50% load. PC only usable after terminating it
Quote:
You have a cracked Office and Photoshop CS5 running on the machine. Quote:
Quote:
You should buy software, not steal it! A standard text block for you: The use of cracks and keygens is illegal and violates our code of conduct. Ever thought about why cracks exist? With cracks and the like, you install backdoors on your machine. Criminals use such machines as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC. Instructions for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it. |
30.12.2012, 19:09 | #12 |
| avp.exe 50% load. PC only usable after terminating it |
31.12.2012, 09:15 | #13 |
/// Helper team | avp.exe 50% load. PC only usable after terminating it
Greetings to Hamburg |